Mil STD 882b

S-OS-.
o/
MIL-STD-882B
30 M a r c h 1984
SUPERSEDING
MIL-STD-882A
.28 June 1977
M I L I T A R Y STANDARD .
SYSTEMSAFETY PROGRAM REQUIREMENTS
AMSC Number F3329 FSCSAFT
. T H I S DOCUMENT CONTAINS y' PAGES.
Licensed by Information Handling Services

MIL-STD-882B
30 March1984
DEPARTMENT
OFDEFENSE
WASHINGTON, DC 20301
System Safety Program Requirement s

MIL-STD-882B
1. T h i sM i l i t a r yS t a n d a r d i s approved f o r useby a l l Departmentsand

Agencies o f theDepartment o f Defense.
2. B e n e f i c i a l comments (recommendations,additions,deletions)andanyper-
tinentdatawhich may be o f use i n i m p r o v i n g t h i s documentshouldbe
addressedto: HQ Air ForceSystems Command (ALX ComSO), Andrews AFB, ,
Washington, DC 20334, b y u s i n g t h e s e l f - a d d r e s s e d S t a n d a r d i z a t i o n Document
ImprovementProposal (DD Form 1 4 2 6 )a p p e a r i n ga tt h e end o f t h i s document o r .S
by 1e t t e r .
3. MIL-STD-882B i s exemptfrom OMB a p p r o v a al c t i o n . It i s consideredtech-

n i c a l i n f o r m a t i on i n c i d e n t t o t h e d e s i g n , p r o d u c t i o n , o r o p e r a t i o n o f
c o n t r a c t i t e m s and i s n o t s u b j e c t t o r e v i e w u n d e r p r o v i s i o n s o f paragraph
9b, attachment A, OMB C i r c u l a r A-40, r e v i s e d by OMB T r a n s m i t t a l Memorandum
No. 1, February 10, 1976. .

I
.- . . - " .. ._ .
MIL-STD-882B 9779933 0359857 2 T l
MIL-STD-882B
30 March 1984
c FOREWORD
The principalobjective of asystem safety program w i t h i n the Department of

Defense (DoD) i s t o make sure safety, consistent w i t h mission requirements, i s
designed intosystems,subsystems,equipment, and f a c i l i t i e s , and t h e i r i n t e r -
faces.
DoD has approved this mil i t a r y standard f o r a l l DoD departments and agencies
to use i n developing system safety programs.
The degreeofsafetyachieved i n a system depends d i r e c t l y on management
emphasis. Governmentand contractorswillapply management emphasis t o safety
d u r i n g the system acquisition process and t h r o u g h o u t the 1 ife cycle of each
system, making sure mishap risk i s understood and risk reduction i s always
considered i n the management review process.
e The success of the system safety effort depends on d e f i n i t i ve statements of
safety objectives and requirements by the managing a c t i v i t y and t h e i r
translation i n t o functional hardware and software. A formal safety program
t h a t stresses early hazard identification and elimination or reduction o f
associated risk t o a 1 eve1 acceptable to the managing a c t i v i t y i s t h e
principalcontribution of effective system safety.Seleciveapplication and
the tailoring o f t h i s m i l i t a r y standard must be accomplished, as indicated
herein, to specify the extent of contractual and DoD in-house compl i ance G
iii
A-3
. . .......
MIL-STD-882B
30 March 1984
CONTENTS
1 Paragraph Page
I
1
1.
111
SCOPE
Purpose
....................................................
................................................. 1
1
:
1
1.2
1.3
Applicability
Appl ic a t i on
...........................................
............................................. 1
1
1.3.1 ApplyingTasks ..........................................
Tail oring of Task Descriptions .......................... 1
1
1.3.2
1.3.2.1 .................................
D e t a i l s t o be S p e c i f i e d 1
1.3.2.2
1.3.2.3 Method o f Reference
....................................
A p p l i c a t i o nG u i d a n c e
..................................... 1
2
1.3.3
2.. REFERENCED DOCUMENTS
................................
C o n f l i c t i n gR e q u i r e m e n t s
.................................... 2
2
3
3.1
DEFINITIONS AND ABBREVIATIONS
Definitions
...........................
............................................. 2
2
3.1.1
3.1.2
Contractor
Damage
..............................................
.................................................. 2
3.1.3
3.1.4
Hazard ..................................................
HazardousEvent .........................................
3.1.5
3.1.6
.............................
H a z a r d o u sE v e n tP r o b a b i l i t y
......................................
Hazard P r o b a b i l i t y
3.1.7
3.1.8
.........................................
H a z a r dS e v e r i t y
Managing A c t i v i t y.......................................
=
3.1.9
3.1.10
Mishap ..................................................
......................................
O f f - t h e - s h e l fI t e m
2
2
=
3.1.11
3.1.12
Risk
Safety
....................................................
.................................................. 3
3
3.1.13
3.1.14
Subsystem
System
...............................................
.................................................. 3
3
3.1.15
3.1.16
System S a f e t y ...........................................
..................................
System S a f e t yE n g i n e e r
3
3
3.1.17
3.1.18 System SafetyGroup/WorkingGroup
...............................
System S a f e t yE n g i n e e r i n g
....................... 3
3
3.1.19
3.1.20
System S a f e t y Management
System S a f e t y Manager
................................
................................... 3
3
3.1.21
3.1.22
System S a f e t y Program
System S a f e t y ProgramPlan
...................................
.............................. 3
4
3.2 Abbreviations ........................................... 4
4.
4.1
SYSTEMSAFETYREQUIREMENTS
System S a f e t y Program
..............................
................................... 4
4
4.2
4.3
System S a f e t y ProgramObjectives
System SafetyDesignRequirements
........................
....................... 4
5
4.4
4.5
System SafetyPrecedence
RiskAssessment
................................
.......................................... 6
6
4.5.1
4.5.2
.........................................
H a z a r dS e v e r i t y
......................................
H a z a r dP r o b a b i l i t y
6
7
4.6
5. TASK DESCRIPTIONS
............................
A c t i o no nI d e n t i f i e dH a z a r d s
....................................... 8
8
i V
2668 A-4
MIL-STD-882B
30 March 1984
I
c TASK
SECTION 100 - PROGRAM MANAGEMENT AND UNTROL
Page
100-1 - 100-2
-
TASK
100
1 o1
System SafetyProgram
System Safety Program Plan
..................................
.................. .......... 100-3 - 100-4
101-1 - 101-4
102 I n t e g r a t i on/Management o f A s s o c i a t e C o n t r a c t o r s ,
... ........................ 103-1

S u b c o n t r a c t o r s ,a n dA r c h i t e c t 102-1 - 102-4
and EngineeringFirms
103 System Safety Program Reviews - 103-2
104 System S a f e t y Group/System SafetyWorkingGroupSupport 104-1 - 104-2
105
1.06
HazardTrackingandRis-kResolution ....................
..............................
105-1 - 105-2
........................ 107-1
T e s t and E v a l u a t i p n S a f e t y 106-1 - 106-2
107 System S a f e t yP r d g r e s s Summary - 107-2
1oa Qualific a t i ons o f Key Contractor System Safety Engineers/
Managers ................ ....... .................... 108-1 - 108-2
SECTION
TASK 200 - DESIGN AND EVALUATION 200-1 - 200-2
201 P r e l i m i n a r y H a z a r d L i s t ................................ 201-1 - 201-2
2o2
203
Preliminary Hazard Analysis
Subsystem Hazard Analysis
......
..... . ......................
..... ................... 202-1 -
-
202-2
..............
203-1 203-2
204
205
System Hazard Analysis ...................
Operati ng and Support Hazard Anal ysi S ...............
204-1
...................
205-1
-
-
204-2
205-2
206
207
Occupational Heal t h Hazard Assessment
Safety Verification .................................... .206-1
207-1
-
-
206-2
207-2
208 Training ...............................................
...................................... 208-1 -
-
208-2
209
210
211
S a f e t y Assessment
Safety Compliance Assessment
SafetyReviewofEngineering
....................... . . ,
209-1
210-1
Change Proposals and Requests f o r
-
209-2
210-2
212
Deviation/Waiver
Software Hazard Analysis
......................
.. ........................
.................
211-1
212-1 ............
........-... -
-
211-2
212-2
213 GFE/GFP System S a f e t y A n a l y s i s 213-1 - 213-2

.. . . . . . . 1 ....... -c=-
__ ....... ... _ . .. . .
.%
MIL-STD-882B M 9999911 0359862 8 9 b M
MIL-STD-882B
30 March 1984
APPENDIX A
GUIDANCE FOR IMPLEMENTATION OF
SYSTEM SAFETY PROGRAM REQUIREMENTS
1 Paragraph Page
10.
10.1
GENERAL
Scope
.................................................
................................................... A- 1
A- 1
10.2
10.3
Purpose
User
.................................................
....................................................
A- 1
A- 1
10.4
10.5
ContractualRequirements ................................
Managing Acti v i t y Res ponsi b i l i t i es ......................
A- 1
A- 1
20
30.. REFERENCED DOCUMENTS
SYSTEM SAFETY REQUIREMENTS
....................................
.............................. A- 2
A- 2
30.1 System Safety Program Objectives and Design Requirements A-2
30.2
30.3
System Safety Precedence
Risk Assessment
................................
.........................................
A- 3
A- 3
30.4 Action on Identified Hazards ............................ A- 3
40.
40.1
TASK SELECTION
SelectionCriteria
..........................................
...................................... A- 5
A- 5
40.2
40.3
ApplicationMatrix for Program Phases
Task Priori ti zat i on
...................
..................................... A- 5
A- 5
.
40.3.1
40.3.2
Identifying and Quantifying System Safety Needs
Sel ecti ng Tasks to F i t the Needs
.........
........................ A-8
A- 8
50. RATIONALE AND GUIDANCE FOR TASK SELECTIONS .............. A- 8
50.1
50.1.1
Task Section 100 .Program Managementand Control
System Safety Program ................................... ....... A-8
A-8
I
50.1.2
50.1.3
System Safety Program Plan ..............................
Integrati on/Management of Associate Contractors.
A-8
Subcontractors and Architect and Engineering Firms .... A- 9
50.1.4
50.1.5
System Safety ProgramReviews ........................... .
System Safety Group/System Safety Working Group Support
A- 9
A-10
50.1.6 Hazard Tracking and Risk Resol ution ..................... A-10
50.1.7
50.1.8
Test and EvaluationSafety
System Safety Progress Summary
..............................
.......................... A-10
Ar10
50.1.9 Qualifications of Key Contractor System Safety
50.2
Engineers/Managers ....................................
Task Section 200 .Design andEva1 uation .......... ..... A-11
A-11
50.2.1
50.2.2
Preliminary Hazard List
Preliminary Hazard Analysis
.................................
............................. A-11
A-11
50.2.3
50.2.4
Subsystem Hazard Analysis
SystemHazard Analysis
...............................
.................................. A-12
A-13
50.2.5 Operat i ng and Support Hazard Analysis
OccupationalHealth Hazard Assessment
...................
................... A-14
50.2.6 A-14
50.2.7 Safety Verification
Training
.....................................
................................................ A-15
.A. 16
W 50.2.8
50.2.9
50.2.10
Safety Assessment .......................................
Safety Compliance Assessment ............................ A-16
A-16
50.2.11 Safety Review o f Engineering Change Proposal S and
Requests for Devi a t i on/Waiver
Software Hazard Analysis
.........................
................................ A-18
50.2.12 A-18
t
50.2.13 GFE/GFP System SafetyAnalysis .......................... A-20
vi
i /
.
2470 A-6
~ -~ -. . L . I ....-
"
MIL-STD-882B W 9 9 9 9 9 3 3 0359863 7 2 2 W""".
MIL-STD-882B
30 March 1984
APPENDIX B
SYSTEM
SAFETY PROGRAM REQUIREMENTS RELATED TO LIFE CYCLE PHASES
I Paragraph
60. SYSTEM SAFETY PROGRAM REQUIREMENTS RELATED TO LIFE CYCLE
Page
60.1
PHASES ..................................................
.
Missi on Need Determi n a t i on Concept Expl o r a t i o n ........
B- 1
B- 1
60.1.1
60.1.2
Mission Need Determination ..............................
Concept Expl oration/Programmi ng and Requirements
B- 1
60.1.3
Devel opmentPhase ............................................
Dmonstration and Val i d a t i o n / C o n c e p t Design Phase
B- 1
B-2
O 60.1.4
60.1.5
Fu1 1-Scal e E n g i neeri ng Devel opment/Fi na1 Desi gn Phase
Productionand Depl oymentPhase ......................... ... B-4
B-5
60.1.6
60.2
......................................
C o n s t r u c t i o nP h a s e
SystemSafetyProgramRequirementsfor Other A c q u i s i t i o n s
B-7
B-7
4
60.3 SystemSafetyRequirementsforTechnologyRequirements .. B-8
APPENDIX C
DATA
REQUIREMENTS FOR MIL-STD-882B
Paragraph Page
4-
G? 70. DATA REQUIREMENTS FOR MIL-STD-882B ............................... c- 1
TAB LES
Num ber Page
1
2
APPLICATION
MATRIX FOR SYSTEM PROGRAM DEVELOPMENT
APPLICATION MATRIX FOR FACILITIES ACQUISITION
.......
........... A- 6
A-7
FIGURES
1
2
FIRST EXAMPLE HAZARD RISK ASSESSMENT
MATRIX
SECOND EXAMPLE HAZARD RISK ASSESSMENT
MATRIX
............
........... A- 4
A- 4
vii
a-7
THIS PAGE INTENTIONALLYLEFT BLANK
VI 11
A-8
MIL-STD-8826
30 March 1984
c SYSTEM
SAFETY PROGRAM REQUIREMENTS
1. SCOPE.
1.1 Pur ose. This standardprovidesuniform requirements f o r devel opi ng and
-4"
imp1 m e n t ng a system safety program of sufficient comprehensiveness t o iden-
t i f y t h e hazardsof a system and t o impose designrequirements andmanagement
control S t o prevent mishaps by eliminatinghazardsorreducing the associated
risk t o a 1eve1 acceptabl e t o the managing a c t i v i t y (MA). The term "managing
a c t i v i t y " usual 1y refers t o the Government procuring activity, b u t may i ncl ude
prime or associate contractors or subcontractors who wish t o impose system
s a f e t y tasks on their suppliers.
1.2 A l i c a b i l i t This standardappliesto DoD systems and f a c i l i t i e s
II
Y
i ncl u i n g test, maintenance and support, and training equipment. I t applies
t o a l l a c t i v i t i e s o f the system l i f e cycle; e.g., research,design,
technology development; t e s t and evaluation,production,construction,
operation and s u p p o r t , modification and disposal. The requirements will also
be appl i ed t o DoD i n - house programs .
1.3 Appl i c a t i on.
c +
1.3.1 A 1 i n Tasks. Tasks described i n this standardareto be
sel ecti vely app i ed i n DoD contract-defi n i t i zed procurements, requests for
proposal (RFP), statements of work (SOW), andGovernment in-house
developments requiring system safety programs for the development,
production, and i n i t i a l deploynentofsystems, f a c i l i t i e s and equipment.
The word "contractor" herein al so i ncl udes Government a c t i v i t i e s devel opi ng
mil i t a r y systems and equipment .
1.3.2 Tailoring ofTask Descriptions. Task descriptionscontained i n
Section 5 a r e t o be tailored by the MA asrequired by governingregulations
and as appropriate to parti cul a r systems or equi ment program type ,
magnitude, and f u n d i n g , Intailoring the tasks,thedetail and depthofthe
e f f o r t i s defined by- the MA and incorporated i n the appropriate contractual
.
documents When preparingproposalsthecontractor may includeadditional
tasks or task modifications w i t h supporting rationale for each addition or
8 modffication.
1.3.2.1 Detailsto be Specified. The "Details t o be Specified"paragraph
under each task description i n Section 5 i s intended f o r l i s t i n g the specific
details, additions, modifications, deletions, or options to the-requirements
of the task t h a t should be considered by the MA when t a i l o r i n g the task
description to f i t program needs."Detail s t o be Specified"annotated by an
"(R)" a r e required and must be provided t o the contractor for proper
implementation o f the task, i f the task is t o be contractually implemented.
1.3.2.2 Application Guidance. Applicationguidance and rationalefor
selecting tasks to f i t %he needs of a particul ar system safety program are
included i n appendices A and B. These appendicesaregenerallynotcontrac-
t u a l l y b i n d i n g ; however, the MA may choose t o impose portions o f Appendix B as
part o f Task 100.
1 .
247 3
A- 9
MIL-STD-882B
30. March 1984
R--
1.3.2.3 Method o f Reference. When s p e c i f y i n gt h et a s k so ft h i ss t a n d a r d as \ *

c o n t r a c t u a lr e q u i r e m e n t s ,b o t ht h i ss t a n d a r d andeach s p e c i f i c t a s k number
a r e t o be c i t e d . Appl ica b l e D e t a i l s To Be S p e c i f i ed w l
i be in c l uded i n
t h e SOW.
1.3.3 C o n f l i c t i n gR e q u i r e m e n t s . When c o n f l i c t i n gr e q u i r e m e n t so rd e f i c i e n -
c i e sa r ei d e n t i f i e dw i t h i ns y s t e ms a f e t yp r o g r a mr e q u i r e m e n t s ,t h ec o n t r a c t o r
s h a l ls u b m i tn o t i f i c a t i o n ,w i t hp r o p o s e da l t e r n a t i v e s and s u p p o r t i n g
rationale,tothe MA f o r r e s o l u t i o n .
2. REFERENCED DOCUMENTS. Referenceddocumentsarenotincluded in this

document.Referenceddocumentsrequired t o supplement t h i s m i l i t a r y
standardmust be s p e c i f i e d i n s y s t e ms p e c i f i c a t i o n s and o t h e rc o n t r a c t u a l
documents.
L
3. DEFINITIONS AND ABBREVIATIONS.
3.1 Definitions. The f o l l o w i n gd e f i n i t i o n sa p p l y :
3.1.1 C o n t r a c t o r . A p r i v a t es e c t o re n t e r p r i s eo rt h eo r g a n i z a t i o n a le l e m e n t
o f DoD o r any o t h e r Governmentagencyengaged t op r o v i d es e r v i c e so rp r o -
d u c t sw i t h i na g r e e dl i m i t ss p e c i f i e d by t h e MA.
3.1.2Damage. The p a r t i a l o r t o t a l 1oss o f hardwarecaused.bycomponent

f a i l Ure; exposure o f hardware t o heat, f i r e , o r o t h e r e n v i r o n m e n t s ; human
e r r o r s ;o ro t h e ri n a d v e r t e n te v e n t so rc o n d i t i o n s .
3.1.3 Hazard. A c o n d i t i o nt h a ti sp r e r e q u i s i t et o a mishap.
3.1.4 HazardousEvent. An o c c u r r e n c et h a ct r e a t e s a hazard.
3.1.5 HazardousEventProbability. The l i k e l i h o o d e, x p r e s s e d in

q u a n t i t a t i v eo rq u a l i t a t i v et e r m s ,t h a t a hazardousevent w l
i occur.
3.1.6 H a z a r dP r o b a b i l i t y . The a g g r e g a t ep r o b a b i l i t yo fo c c u r r e n c eo ft h e
i n d i v i d u a lh a z a r d o u se v e n t st h a tc r e a t e a s p e c i f i ch a z a r d .
3.1.7 HazardSeverity. An assessment o ft h ew o r s tc r e d i b l em i s h a pt h a t

c o u l d be causedby a s p e c i f i ch a z a r d .
3.1.8 Managing A c t i v i t y . The, o r g a n i z a t i o n a le l e m e n to f DoD assigned

a c q u i s i t i o n management r e s p o n s i b i l i t y f o r t h e system, o r p r i m e o r a s s o c i a t e
c o n t r a c t o r so rs u b c o n t r a c t o r s who w i s h t o imposesystem s a f e t y t a s k s on t h e i r
suppl iers.
3.1.9 Mishap. An u n p l a n n e de v e n to rs e r i e so fe v e n t st h a tr e s u l t s i n death,

i n j u r y , o c c u p a t i o n a l il1ness , o r damage t o o r l o s s o f equipment o r p r o p e r t y .
3.1.10 O f f - t h e - s h e l fI t e m . An itemdeterminedby a m a t e r i a la c q u i s i t i o n
decisionprocessreview (DoD, M i l i t a r y Component, o r s u b o r d i n a t e o r g a n i z a t i o n
as a p p r o p r i a t e ) t o be a v a i l ab1 e f o r a c q u i s i t i o n t o s a t i s f y anapproved
2
. -
.
2474 11-10
MIL-STD-882B
30March1984
materiel requirement w i t h no expenditure of f u n d s for deve1 opnent ,

modification,or improvement (e.g., commercial products,materiel developed
by other Government agencies, or materiel developed by othercountries). This
item maybe procured by thecontractororfurnished t o thecontractoras
Government-furnished equipment (GFE) or Government-furnished property (GFP).
3.1.1.1 Risk. An expressionofthe p o s s i b i l i t y of a mishap i n terms of hazard
severity and hazard probabil i t y .
3.1.12 Safety. Freedom from thoseconditionsthat can cause death,injury,
occupational il 1ness , or damage to or loss of equipment or property.
3.1.13 Subsystem. An element of asystem t h a t , i n i t s e l f may constitute a
system.
3.1.14 System. A composite, a t any level of complexity, o f personnel,
procedures , materials , tools , equi p e n t , facil i t i es , and software. The
elements of t h i s composite e n t i t y a r e used together i n theintended
operationalorsupport environment t o perform agiven t a s k orachieve a
specific production, support, or missionrequirement.
3.1.15 System Safety. The application of engineering andmanagement
pri nci pl es , c r i t e r i a , and techniques t o optimize safety w i t h i n the
constraints of operationaleffectiveness,time, and cost throughout a l l
phasesofthe system l i f e cycle.
3.1.16 System Safety Engineer. An engineer who i s qualified by t r a i n i n g
and/or experienceto perform system safety engineering tasks.
3.1.17 System Safety Engi neeri ng. An engineering disci pl i ne requi ri ng
SDecializedprofessional knowledge and s k i l l s i n applying s c i e n t i f i c and
engineering principles, criteria, and techniquestoidentify and eliminate
hazards, o r reduce the risk associated w i t h hazards.
3.1.18 System Safety Group/Working Group. A formallychartered group of
persons,representingorganizationsassociated w i t h the system acquisition
program, organized to assist the MA system programmanager i n achievingthe
system safety objectives. Regul ations of the Mil i t a r y Components define
requirements, responsibilities, and memberships.
3.1.19 System Safety Management. An element of management t h a t definesthe
system safety program requirements and ensuresthe p l a n n i n g , implementation
and accomplishment ofsystem safety tasks and activities consistent w i t h the
overall program requirements.
3.1.20 System Safety Manager. A person responsible t o programmanagement
for s e t t i n g u p and managing the system safety program.
3.1.21System Safety Program. Thecombined tasks and a c t i v i t i e s of system
safety managementand system safety engineering that enhance operational
effectiveness by satisfying the system safety requirements i n a timely,
cost-effective manner throughout a l l phases of the system l i f e cycle.
3
247 5
Licensed by Information Handling Services A-1 1
MIL-STD-882B
30March 1984
3.1.22 System Safety Program P l a n . A description of the planned methods t o

be used by the contractor to implement thetailoredrequirements of this stan-
d a r d , includingorganizationalresponsibilities,resources, methods of
accomplishment, milestones,depth o f e f f o r t , and integration w i t h other
program engi neeri ng and management acti v i t i es and re1 at'ed systems.
3.2 Abbreviations.Abbreviations used i n this document aredefinedas
f 01 1ows :
AE Architect and Engi neeri ng Firm
CDR Cri t i cal Desi gn Review
CDRL Contract Data Requirements List
CPCI Computer Program Configurati on Item
DID Data I tem Des cri p t i on
DoD Department of Defense
DOT Department of Trans p o r t a t i on
ECP Engineering Change Proposal
EPA E n v i ronmental Protection Agency
MA Managing Acti v i t y
O&SHA Operating & Support Hazard Analysis
OSHA Occupational Safety andHeal t h Administration
P HA Preliminary Hazard Analysis
P HL Prel imi nary Hazard List
RFP Request for Proposal
SHA System Hazard Analysis
sow Statement of Work
SSG System Safety Group
SSHA Subsystem Hazard Analysi S
SSPP System Safety Program Plan
SSWG System Safety Working Group
4
4. SYSTEM SAFETY REQUIREMENTS.
4.1 System Safety Program. The contractorshallestablish and m a i n t a i n a

system safety program t o support e f f i c i e n t and effective achievementof
overallobjectives.
4.2 System Safety Program Objectives. The system safety program shall
define a systematic approach t o make sure:
a . Safety,consistent w i t h missionrequirements i s designed intothe
system i n a timely,cost-effective manner.
b. Hazards associated w i t h each system areidentified,evaluated, and
el iminated, or the associated risk reduced t o a 1eve1 acceptable to the MA
throughouttheentire l i f e cycleof a system. Risk shall be described i n risk
assessment terms (see paragraph 4.5 below).
c. Histori cal safety data, including 1essons 1 earned from othersystems,
areconsidered and used.
d. Minimum risk i s sought i n accepting and using new designs ,
materials, and production and testtechniques.
4
__
2676
Licensed by Information Handling Services A-12
MIL-STD-882B
30 March 1984
c e. Actionstaken to eliminate hazardsorreduce

acceptable to the MA are documented.
f . Retrofitactionsrequired
risk t o a 1evel
t o improve safetyare minimized t h r o u g h

the timely inclusion of safety features d u r i n g research and development and
acquisition of a system.
.9 Changes i n design,configuration,ormissionrequirementsare
accomplished i n a manner t h a t maintains a risk 1evel acceptable to the MA.
h. Consideration i s given t o safety,easeof disposal , and
demilitarization of any hazardous materialsassociated w i t h the system.
i . Significantsafetydataare documented as"lessonslearned" and are
submitted t o d a t a banks oras proposed changes t o applicabledesign handbooks
and specifications.
4.3 System Safety Design Requirements. System safetydesignrequirements
will be specified after reviewof pertinent standards, specifications,
regulation.s,design handbooks and other sources of designguidance for
appl icabil ity to the design o f the system. Some general system safety design
requirementsare:
a. Eliminateidentifiedhazardsor reduce associated risk t h r o u g h
design,includingmaterialselectionorsubstitution. When potentially hazar-
dous materials must be used, select those w i t h l e a s t risk throughout the l i f e
cycle o f the system.
b. Isolate hazardous substances, components, and operations from other
a c t i v i t i es, areas, personnel , and i ncompati bl e materi al s.
c. Locate equipment so thataccess during operations,servicing,
maintenance, repair, or adjustment m i nimi zespersonnelexposure t o hazards
.
( e .g , hazardous chemi cal S, h i gh vol tage, el ectromagneti c radi a t i on, c u t t i ng
edges,orsharp points).
d. Mi nimi ze ri s k resul t i ng from excessi ve envi ronmental condi ti ons
(e.9.)temperature,pressure,noise,toxicity,acceleration and vibration).
J e. Design t o minimize risk created by human error i n theoperation
and support of the system.
f. Consider al ternate approaches to minimize risk from hazards that
cannot be el imi nated. Such approaches incl ude inter1 ocks , redundancy,
f a i l safe desi gn, system protection, f i re suppression , and protective
cl oth i ng, equi pment , devi ces, and procedures.
g . Protectthe power sources,controls and c r i t i c a l components of
redundantsubsystems by physicalseparationorshieldi-ng.
h. When alternatedesign approachescannot eliminatethehazard,provide
warning and cautionnotes i n assembly, operations,maintenance, and repair
i nstructi ans , and d i s t i ncti ve markings on hazardous components and materi al S,
equipment, and facilitiestoensure personnel and equipment protection. These
shall be standardized i n accordance w i t h MA requirements.
~ "_ 5
2477
A-13
MIL-STD-882B 99999LL 0359870 962
MIL-STD-882B
30 March 1984
i. M i n i m i z et h es e v e r i t yo fp e r s o n n e li n j u r yo r damage t o equipment i n
t h e e v e n t o f a mishap.
j. Desi gn s o f t w a r e c o n t r o l 1ed o r m o n i t o r e d f u n c t i o n s t o
i n i t i a t i o n o f hazardouseventsormishaps.
m i nimize.
k.Reviewdesign c r i t e r i af o ri n a d e q u a t eo ro v e r l yr e s t r i c t i v e
r e q u i r e m e n t sr e g a r d i n gs a f e t y . Recommend new d e s i g nc r i t e r i as u p p o r t e db y
s t u d y ,a n a l y s e s ,o rt e s td a t a .
4.4 System SafetyPrecedence. The o r d e ro f precedence f o rs a t i s f y i n g system

s a f e t yr e q u i r e m e n t s and r e s o l v i n gi d e n t i f i e dh a z a r d ss h a l l beas follows:
hazards .
a. D e s i g nf o r Minimum Risk. From t h ef i r s t ,d e s i g nt oe l i m i n a t e
I f an i d e n t i f i e dh a z a r dc a n n o t
r i s k t o an a c c e p t a b l e l e v e l , as definedbythe
be eliminated,reducetheassociated
MA, t h r o u g hd e s i g ns e l e c t i o n .
b. IncorporateSafetyDevices. I f i d e n t i f i e dh a z a r d sc a n n o t be
eliminatedortheirassociatedriskadequatelyreducedthroughdesign
s e l e c t i o n ,t h a tr i s ks h a l l be reduced t o a 1e v e la c c e p t a b l et ot h e MA through .
t h e use o f f i x e d , a u t o m a t i c , o r o t h e r p r o t e c t i v e s a f e t y d e s i g n f e a t u r e s o r
d e v i c e s .P r o v i s i o n ss h a l l be made f o rp e r i o d i cf u n c t i o n a lc h e c k so fs a f e t y
d e v i ces when appl icab1 e.
c.ProvideWarningDevices. When n e i t h e rd e s i g nn o rs a f e t yd e v i c e sc a n
effectivelyeliminateidentifiedhazardsoradequatelyreduceassociated
r i s k , d e v i ces s h a l l be used t o d e t e c t t h e c o n d i t i o n and t o produce an
a d e q u a t ew a r n i n gs i g n a lt oa l e r tp e r s o n n e l o f thehazard.Warningsignalsand
t h e i r a p p l i c a t i o n s h a l l be d e s i g n e d t o m i n i m i z e t h e p r o b a b i l it y o f i n c o r r e c t
p e r s o n n e l r e a c t i on t o t h e s i gnal S and s h a l l be standardized w i t h i n 1 ike types
o f systems.
d. Deve1op Procedures and T r a i n i n g . Where i t i si m p r a c t i c a lt oe l i m i n a t e

h a z a r d st h r o u g hd e s i g ns e l e c t i o no ra d e q u a t e l yr e d u c et h ea s s o c i a t e dr i s kw i t h
s a f e t y andwarningdevices,procedures and t r a i n i n g s h a l l beused.However,
w i t h o u t a s p e c i f i c w a i v e r , no w a r n i n g , c a u t i o n , o r o t h e r f o r m o f w r i t t e n a d v i -
s o r y s h a l l be used as t h e o n l y r i s k r e d u c t i o n method f o r C a t e g o r y I o r II
hazards(asdefined i n paragraph 4.5.1 b e l ow). Procedures may i n c l ude theuse
o f p e r s o n a lp r o t e c t i v ee q u i p m e n t .P r e c a u t i o n a r yn o t a t i o n ss h a l l be standard-
i z e d as s p e c i f i e d by t h e MA. Tasksand a c t i v i t i e s j u d g e d c r i t i c a l bythe MA
may r e q u i r e c e r t i f i c a t i o n o f p e r s o n n e l p r o f i c i e n c y .
4.5 R i s k A s s e s s m e n t D . e c i s i o n sr e g a r d i n gr e s o l u t i o no if d e n t i f i e dh a z a r d s
s h a l l bebasedonassessmentof, t h er i s ki n v o l v e d . To a i dt h ea c h i e v e m e n to f
t h eo b j e c t i v e so fs y s t e ms a f e t y ,h a z a r d ss h a l l be c h a r a c t e r i z e d as t o hazard
s e v e r i t y c a t e g o r i e s and hazard probabil i t y 1evel s, when p o s s i b l e . S i n c e t h e
p r i o r i t y f o r s y s t e ms a f e t yi se l i m i n a t i n gh a z a r d sb yd e s i g n , a r i s k assessment
procedureconsideringonlyhazardseverity w i
l generallysufficeduringthe
e a r l y d e s i g n phase t o m i n i m i z e r i s k . When hazardsare n o t e l i m i n a t e d d u r i n g
a
t h e e a r l y d e s i g n phase, a r i s k assessmentprocedurebaseduponthehazard
p r o b a b i l i t y , as w e l l as h a z a r ds e v e r i t y ,s h a l l beused t o e s t a b l i s h p r i o r i t i e s
f o r c o r r e c t i v e a c t i o n and r e s o l u t i o n o f i d e n t i f i e d hazards.
4.5.1 H a z a r dS e v e r i t y .H a z a r ds e v e r i t yc a t e g o r i e sa r ed e f i n e dt op r o v i d e a
q u a l i t a t i v e measure o f t h e w o r s t c r e d i b l e m i s h a p r e s u l t i n g f r o m p e r s o n n e l
6
y,
I 2478 A-l L
MIL-STD-882B 9999933 0 3 5 9 8 87 T
39 R
MIL-STD-882B
30 March 1984
error; environmental conditions;designinadequacies;proceduraldeficiencies;

or system, subsystem or component failureormalfunctionasfollows:
Des cri p t i on Category Mishap Defi n i t i on

CATASTROPHIC I Death o r system loss
CRITICAL II Severe injury,severeoccupational
i l 1ness, or major system damage.
MARGINAL II I Minor injury, minor occupational

i l 1 ness , or m i nor system damage.
IV
NEGLIGIBLE Less t h a n minor
occupational
injury,
il 1 ness, or system damage.
Thesehazard severity categories provideguidance t o a wide variety of
programs. However, adaptation to a parti cul a r program i s generallyrequired
t o provide a mutual understanding between the MA and thecontractors as t o the
meaning o f theterms used i n the category defi n i tions. The adaptation must
define what consti tutes system l o s s , major or m i nor system damage, and severe
and m i nor injury and occupational il 1ness.
4.5.2 Hazard Probability. The probability t h a t a hazard will be created
r
-i,
d u r i n g the planned l i f e expectancyofthe
occurrences per u n i t of time,events,population,
system can be descri bed i n potential
i'tems, or activity.
Assigning a q u a n t i t a t i v e hazard probabil i t y t o a potential
design
or
procedural hazard isgenerally n o t possibleearly i n thedesignprocess. A
qualitative hazard probabil i t y maybe derived from research, analysi s, a n d
evaluation of histori cal safety data from simil a r systems.Supporting
rational e for assigning a hazard probabil i t y s h a l l be documented i n hazard
analysis reports. An exampl e of a qualitative hazard probabilityranking is:
Descri p t i on*Level Speci f i c I n d i v i dual I tem F1 eetor Inventory**

FREQUENT A Likely t o occur
frequently.
Continuously
experienced
L PROBABLE B Will occurseveral

tlmes in Will occur
frequently
l i f e of an item
OCCASIONAL C Likely
occur
to sometime Will occur several
times
i n l i f e of an item
REMOTE D Unlikely b u t possible
Unlikely
to b u t can reasonably
occur i n l i f e of an item be expected t o occur
IMPROBABLE E So unlikely, i t canUn1
be i kely occur,
to but
assumed occurence may n o t possi bl e
be experienced
*Definitions o f descriptive words may have t o be modified based on quantity
i nvol ved.
**The s i z e of the f l eet or inventory shoul d be defined.
7
0-1
MIL-STD-882B
."30March1984
I-. .
4.6 A c t i o n on I d e n t i f i e d H a z a r d s .A c t i o ns h a l l be taken t o e l i m i n a t ei d e n -
t i f i e d h a z a r d so rr e d u c et h ea s s o c i a t e dr i s k . CATASTROPHIC andCRITICAL
hazardsshall be e l i m i n a t e d or t h e i r a s s o c i a t e d r i s k r e d u c e d t o a l e v e l accep-
\.~
x
t a b l et ot h e MA. If t h i si si m p o s s i b l eo ri m p r a c t i c a l ,a l t e r n a t i v e ss h a l l be
recommended t o t h e MA.
5. TASK DESCRIPTIONS. The t a s kd e s c r i p t i o n sa r ed i v i d e di n t o two general

s e c t i o n s :S e c t i o n 100,Program Managementand C o n t r o l and S e c t i o n 200, Design
and Eva1 u a t i on.
Custodi ans : Preparing Activity

Army
Navy AS
AV-
- Air Force 10 -
Project No. - SAFT-O002
Revi e
w ing A c t i v i t i es :
Army -
AV, AT, SC, AR, M I
Navy -
AS, O S , SH, YD, SA, EC
Air Force -
11, 13,19, 26
8
/-
.
2480
Licensed by Information Handling Services 8-2
MIL-STD-882B
TASKSECTION 100
30 M a r c h 1984
TASKSECTION 100
PROGRAMMANAGEMENTANDCONTROL

MIL-STD-882B '
TASKSECTION 100
30 March 1984
I ..
100-2
1434
IC TASK 100
SYSTEM SAFETY PROGRAM
i 100.1 Purpose. The purposeof Task 100 i s t o conduct a basic system safety
program. The t o t a l system safety program i s this task pl us allothertasks
Sections 100 and 200 designated by the MA.
100.2 Task Description. Set up a system safety programwhich meets the
requirementsofSection 4., SYSTEM SAFETY REQUIREMENTS, and all other
in
desi gnated tasks i n Sections 100 and 200.

100.3 Detailsto be Specified by the MA (Reference 1.3.2.1).
100.3.1 Detailsto be specified i n the SOW shallincludethefollowingas
I -
appl i ca bl e:
~
I
, Imposition
(R) ofa. Task 100.
(R) b . Tailoring o f Section 4 t o meet specific program requirements.
(R) c.Acceptable 1eve1 of risk.
I
c=
.r-
=&
d. Additionofotherspecific system safety program requirements.
TASK 100
30 March 1984
100- 3
""
Y
2483
0-5
I .- . L
MIL-STD-882B
TASK 100
30 March1984
TASK 100
30 March1984
100-4
Licensed by Information Handling Services B-6

MIL-STD-8626 9999933 0359877 237
MIL-STD-882B
30 March 1984
TASK 101
.
SYSTEM SAFETY PROGRAM PLAN
101.I Pur ose The purpose of the Task 101 i s t o deve1 op a system safety
pl an
program -+kPP). I t shall describe i n detail tasks and a c t i v i t i e s of
system safety managementand system safety engineering required t o i d e n t i f y ,
evaluate, and eliminate hazards , or reduce the associated risk t o a 1 eve1
acceptable to the MA throughoutthesystem life cycle.
101.2 Task Description. The contractorshalldevelop a SSPP t o provide a
basis of understanding between the contractor and the MA as t o how the system
safety program will be accomplished t o meet contractualsafetyrequirements
included i n the general and special provisions of thecontract. The SSPP
shallincludethe following:
101.2.1 Program Scope and Objectives. Each SSPP shalldescribe,as a minimum,
the four elements of an effective system safety program: a plannedapproach
for task accomplishment, qualified people t o accomplish tasks , a u t h o r i t y t o
imp1 ement tasks through a l 1 levels of management , and appropriate resources
both manningand f u n d i n g t o assuretasksare completed. The SSPP shalldefine
aprogram t o s a t i s f y t h e system safetyrequirements imposed by the contract.
This section shall :
a.Descri be thescope of theoverall program and the re1atedsystem
s a f e t y pro gram.
b. List the tasks and a c t i v i t i e s o f system safety managementand
engineering. Descri be the i nterrel ations hips between system safety and other
functionalelements of the program. Other program requirements and tasks
applicable t o system safety shall be l i s t e d including the identification o f
where they are specified or described.
101.2.2 System SafetyOrganization. The SSPP shalldescribe:
a . The system safetyorganizationorfunction w i t h i n theorganization of
the total program u s i n g charts t o show theorganizational and functional
re1 a t i ons h i ps , and 1 i nes of communi cati on.
b. The responsibility and authority of system safety person-nel , other
contractororganizationalelements involved i n the system s a f e t y e f f o r t ,
subcontractors , and system safety groups. Identifytheorganizational unit
responsible forexecuti ng each task. Identify the authority i n regard t o
resol u t i on of al 1 identified hazards. Include the name, address and t e l ephone
number of the system safety program manager.
c . The staffing of the system safetyorganizationfor the duration of
the contract t o include manpower 1oading , control of resources and the
TAS K1 O1
30 March 1984
101-1

MIL-STD-882B
30 March1984
qualifications of key system safety personnelassigned , including those who

possesscoordination/approvalauthorityforcontractorprepareddocumentation.
d . The procedures by which thecontractor will integrate and coordinate
the system safety efforts including assignmentofthe system safety
requirements t o actionorganizations. and subcontractors,coordination of
subcontractor system safety programs , integration of hazard analyses, program
and designreviews, program statusreporting, and system safety groups.
e. The process through which contractor management decisions will be
made including timely notification, of unacceptable risks, necessary action,
mi shaps or mal functions , wai vers t o safety requirements , program devi ations ,
etc.
101.2.3 System Safety Program Mil estones. The SSPP shall :
a. Defi ne system safety program mil estones.
b. Provide a program schedule o f safetytasksincluding start and
compl etion dates, reports, reviews, and estimated manpower loading.
c.Identifyintegrated system activities(i.e.,designanalyses,tests,
and demonstrations)applicable t o the system safety program b u t specified i n
otherengineeringstudies t o precludeduplication.Includedas a 'part o f this
sectionshall be theestimated manpower loadingrequiredto do these tasks.
101.2.4 General System Safety Requirements and Criteria. The SSPP shall:
a. Describegeneralengineeringrequirements and design c r i t e r i af o r
safety. Describe safety requirements for support equipment and operational
safety requirements for a l l appropriate phasesof the l i f e cycle up t o , and
including,disposal.Listthesafetystandards and system specifications
containingsafetyrequirementsthatshall be complied w i t h by thecontractor.
Include t i t l e s , d a t e s , and where applicable, paragraph numbers.
b. Descri be the risk assessmentprocedures. The hazard severity
categories, hazardprobabil i t y 1 evels, and the system safety precedence t h a t
shall be followed t o satisfythesafety requirements of t h i s standard. State
any qualitative or quantitative measuresof safety to be used for risk
assessmentincluding a descriptionoftheacceptable risk level.Include
system safety definitions which deviate from or are i n additiontothose in
this standard.
c . Descri be closed-loop-procedures for taking action to resol ve
identified hazardsincludingthoseinvolving GFE and off-the-shelf equipment.
101.2.5 Hazard Analyses, The SSPP shalldescribe:
a. The anal ysi S techniques and formats to be used i n qualitative or
quanti tative analysis to identify hazards, their causes and e f f e c t s , hazard
elimination, or risk reductionrequirements and how thoserequirementsare
met.
TASK 101
30 March 1984
101-2
6-8
MIL-STD-882B
30 March 1984
b. The depth w i t h i n the system to which eachtechnique i s used including

hazard identification associated w i t h thesystem,subsystem, components, per-
sonnel , ground support equipment, GFE, f a c i l i t i e s , and t h e i r i n t e r r e l a t i o n s h i p
i n the logistic support, training, maintenance, and operationalenvironments.
. c. The integrationofsubcontractor hazard analyses w i t h overall system
hazardanalyses.
101.2.6 System Safety Data. The SSPP s h a l l :
a . Descri be the approach for researching, d i s t r i b u t i n g , and analyzing
pertinenthistorical hazard or mishap data.
b. Identifydeliverabledata by t i t l e andnumber.
c. Identify non-del iverabl e system safety data and descri be the
procedures for a c c e s s i b i l i t y by the MA and retention of data of historical
value.
101.2.7 SafetyVerification. The SSPP shalldescribe:
a. The verification(test,analysis,inspection,etc.)requirementsfor
making surethatsafety i s adequatelydemonstrated.Identifyanycertification
requirementsforsafetydevicesorotherspecialsafetyfeatures.
F
L" b. Procedures for making sure test information i s transmitted
for review and analysis.
the
to MA
c. Procedure for ensuring thesafe conduct of a l lt e s t s .

101.2.8 A u d i t Program. The SSPP shalldescribethetechniques and
procedures t o be employed by the contractor to make sure the objectives and
requirements o f the system safety program are beingaccomplished.
+.
101.2.9 Trainin
neeri ng , t e c n i ci
The
SSPP shalldescribethe
an, operating
safety training for engi-
, and maintenance personnel
101.2.10 Mishapand Hazardous MalfunctionAnalysis and Reporting. The
.
contractor shall descri be i n the SSPP the .mishap and hazardous mal function
analysisprocessincludingalerting the MA.
101.2.11 System SafetyInterfaces. The SSPP shallidentify, i n detail:
a. The interface between system safety and a l l otherapplicablesafety
disciplines suchas: nuclear safety, range safety, explosive and ordinance
s a f e t y , chemical and biological safety, laser safety and any others.
b . The interface between system safety and a l l othersupportdisci pl ines
such as:maintenance,qualitycontrol,reliability, human factorsengineering,
medical support (heal t h hazard assessments), and any others.
TASK 101
30 March 1984
- 101-3
2487
Licensed by Information Handling Services B- 9
"-
I
.
m 9999933 0359880 803 m
~
"
.
r . "
MIL-STD-882B
..-
MIL-STD-882B
30 March 1984
6--
101.3 Details
to be Specified by the MA (Reference
1.3.2.1). 'i.c- -*
101.3.1 Details t o be specified i n the SOW shallinclude the following,as
appl i cab1e:
(R) a.ImpositionofTasks 100 and 101.
(R) b. Identificationofcontractualstatusof the SSPP.
c.Identi fi cation of additional tasks t o be performed or additional
i nformati on t o be provided.
d. Format, content, and deliveryscheduleincludingupdatesof any data
required. -
e. Requirements for reporting mis haps and hazardous mal functions.
S
TASK 101
30 March 1984
101-4
zsss
" . " .
" ._ .
MIL"STD-882B
30 March 1984
c TASK 102
INTEGRATION/MANAGEMENT OF ASSOCIATE CONTRACTORS, SUBCONTRACTORS, AND

1
ARCHITECT AND ENGINEERING FIRMS
102.1 Purpose. The purposeof Task 102 i s to provide the system integrating
contractor and YA w i t h appropriate management surveillance o f other
contractors' system safety programs, and the capability t o establish and main-
t a i n uniform integrated system safety program requirements. This t a s k will
alsodescribearchitect and engineeringfirms' ( A E ) system safety programs.
W
102.2 Task Description.
102.2.1 IntegratingContractor. The contractordesignatedasintegratorfor
the safety functions of all associated contractors shall :
&
a.Prepare an integrated system safety program pl an (ISSPP) asthe SSPP

required by Task 101 defining the rol e of the integrator and the effort
required from each associate contractor t o he1 p integrate system safety
requirementsforthe t o t a l system. In a d d i t i o n t o theothercontractually
imposed requirements from this standard,the p l a n s h a l l address and identify:
(1) Analyses, r i s k assessment, and verification d a t a t o be developed by
c- each associatecontractor w i t h format andmethod t o be utilized.

( 2 ) Data each associatecontractor i s requiredto submit t o the
integrator and i t s scheduleddelivery keyed to program mil estones.
( 3 ) Schedule and otherinformationconsideredpertinent by the
integrator.
( 4 ) Themethod of development of system 1eve1 requirements to be
allocated t o each oftheassociatecontractors as a p a r t of the system
specification, end-item specifications, and otherinterfacerequirement
documentation.
( 5 ) Safety-relateddatapertainingtooff-the-shelfitems.
b. Initiateaction through the MA t o make sure each associatecontractor

i s requiredto be responsive t o the ISSPP.
Recommend contractualmodification
where the need exists.
c. When conducting risk assessments, examine theintegrated system
design,operations, and specifically the interfaces between theproducts of
each associatecontractor. Data provided by associatecontractorsshall be
used i n the conduct o f this effort.
When performing a safetyassessment, summarize the mishap risk
d.
presented by theoperation o f theintegrated system.
TASK 102
30 March 1984
102-1
- "

MIL-STD-882B
30 March1984
e. Provide assistance and guidance toassociatecontractorsregarding

safety matters
f . Resolve differences between associatecontractors i n areasrelatedto
safety, especially during development of safetyinputs t o system and item
specifications. Where prob1 ems cannot be resolved .by theintegrator,notify
the MA forresolution and action.
g. Initiateaction through the MA to make sureinformationrequired by
an associatecontractor (from theintegratingcontractor or otherassociate
contractors) t o accompl i s h s a f e t y t a s k s , i s provided i n an agreed-toformat.
h . Develop a method ofexchanging safetyinformation between
contractors.Ifnecessary,schedule and conduct technical meetings between
allassociatecontractors t o discuss,review, and integrate the safety effort.
i . Implement an a u d i t program to make suretheobjectives and
requirements of the system safety program are beingaccomplished.
102.2.2 AssociateContractor.Associatecontractors shall provide safety
data and support needed by otherassociatecontractors and theintegrator
u n t i l theintegratordecides t h a t such support i s no longernecessary and t h a t
decision i s approved by the MA.
102.2.3 Subcontractors.Applicableprovisions of this standardshall be
incl uded i n all contracts w i t h major subcontractors.
a. Major subcontractors shall be requiredto.maintainsuitable
documentation o f safetyanalysesthey have performed i n formats which will
permitincorporation of t h e i r d a t a i n t o theoverallanalysis program.
b. Major subcontractors shall be requiredtodevelop system safety
program pl ans to be includedas annexes t o the prime contractor's
SSPP
c.Lessersubcontractors and vendors shall be requiredtoprovide
informati on on' component and subassembly characteristi CS including fail Ure
modes, f a i l Ure rates; and possiblehazards, which will permit prime contractor
personnel t o evaluatethe items for t h e i r impact on safetyofthe system.
102.2.4 Architect and Engineering Firms. The AE shall be responsiblefor
conducti nq facil itv hazard analyses and o t h e r f a c i l i t y SSPP functions as spec-
ified i n the SOW. -The AE shall-beresponsibleforsecuringtheexpertise .
necessaryto perform therequired work and will have the same responsibilities
as a prime contractor i n hazard identification,tracking, and resolution. The
AE shall assure t h a t designsubcontratorsorconsultantsmaintain and provide
suitable documentationof any safety analyses performed.
TASK 102
30 March1984
102-2

MIL-STD-882B
30 March ,1984
102.3 Details t o be Specified by the MA (Reference1.3.2.1).

102.3.1 Details t o be specified i n the SOW shallinclude t h e following,as
appl i cab1e:
(R) a.Designationof the system safetyintegratingcontractor.
(R) b. Impocition o f Tasks 100, 101 and102 astailored.
c. Format, content, and deliveryscheduleof any datarequired.
TASK 102
30 March1984
102-3
Licensed by Information Handling Services 3-1 3

. . . . ~. " . __ ~ ..
MIL-STD-BBZB m 9 9 9 9 9 3 3 0359884 457 m
MIL-STD-8829
TASK 102
30 March 1984
TASK 102
30 March 1984
102-4
..
2492
""
MIL-STD-88ZB m 9999933 0359885 3 9 3 m
MIL-STD-882B.
30 March 1984
6 TASK 103
SYSTEM SAFETY PROGRAM REVIEWS
103.1 Purpose. The purposeof Task 103 i s t o establish a requirement for the
contractortopresent system safety program reviews, t o periodically report the
status of the system safety program, and, when needed, t o supportspecial
requirements such ascertifications and firstflightreadiness reviews.
103.2 Task Description. The contractorshallprovide system safety program
reviews t o periodicallyreport t o the MA thestatusof hazard analyses,safety
assessments, and other parts of the system safety program. Also, when needed,
the contractorshallsupportpresentations t o Government certifying
a c t i v i t i e s such as munitions safety boards, nucl ear safety boards, or f l ig h t
safety reviewboards. These may alsoincludespecial reviews such as f i r s t
f l i g h t reviews orpre-constructionbriefings.
103.3 Details t o be Specified by the MA (Reference 1.3.2.1).
103.3.1 Details t o be specified i n the SOW shallincludethe f o l l o w i n g , as
appl i cab1 e:
(R) a. Imposition of Tasks 100 and 103.
b. Identification of reviews, theircontent, and probable location(s).
c. Method of documenting theresults of system safety reviews.
d. Schedule for system safetyreviews.
e.. Del i very schedule for any d a t a required prior t o and after the
rev i ews .
TASK 103
30 March 1984
103-1
- ""
2493
"
..
MIL-STD-BB2B W 9 9 9 9 9 3 3 0359886 22T
MIL-STD-882B
TASK 103
30 March1984
,"
TASK 103
30 March1984
103-2
-r " "W

MIL-STD-882B
30 March 1984
c TASK 104
SYSTEM SAFETY GROUP/SYSTEM SAFETY WORKING GROUP SUPPORT
104.1 Purpose. The purpose of Task 104 i s torequirecontractorsto support

system safety groups (SSGs) and system safety working groups (SSWGs) which are
established i n accordance w i t h serviceregulationsorasotherwisedefined by
the MA.
104.2 Task Description. The contractorshallparticipateas an active member
of MA SSG/SSWGs. Such participati on shallincludeactivitiesspecified by the
MA such as:
U
a.Presentation of the contractorsafety program status, including

results of designoroperationsriskassessments.
b. Summaries of hazard analysesincludingidentificationof problems and
s t a t u s of resolution.
c.Presentation of results o f analyses of R&D mishaps and hazardous
malfunctions i n c l u d i n g recommendations and actiontaken t o prevent future
recurrences.
d. Documentation and distribution ofmeeting agendas and minutes.
e. Responding t o actionitemsassigned by the chairman ofthe SSG/SSWG.
104.3.1 Details t o be specified i n the SOW shouldincludethefollowing,as
appl i cab1 e:
(R) a. Imposition o f Tasks 100 and 104.
( R ) b. Contractor membership requirements and roleassignments,e.g.,
recorder, member , al ternate, or techni cal advisor.
( R ) c . Frequency ortotal number of SSG,!SSWG meetings and probable
1ocations .
d. Specific SSG/SSWG supporttasks.
e. Format, content, and del i veryschedul e o f any data required.
TASK 104
30 March 1984
104-1

c-J
1 L *
MIL-STD-882B
r
TASK 104
30 March 1984
.- .
-3
THIS PAGE INTENTIONALLY LEFT BLANK
1
TASK 104
30 March 1984
104-2
2496 c-4
3
.. ".
" .
MIL-STD-88ZB m 77777LL 0357887 T37 m

MIL-STD-882B
30 March 1984
c TASK 105
HAZARD TRACKING AND R I S K RESOLUTION
105.1 Purpose. The purpose o f Task105 istoestablish a s i n g l ec l o s e d - l o o p

h a z a r d t r a c k i n g system.
105.2 T a s kD e s c r i p t i o n . The c o n t r a c t o rs h a l ld e v e l o p a method orprocedure

t o documentand t r a c k h a z a r d s f r o m i d e n t i f i c a t i o n u n t i l t h e h a z a r d i s e l i m i -
natedortheassociatedriskisreducedto a l e v e la c c e p t a b l et ot h e MA, t h u s
p r o v i d i n g an a u d i t t r a i l o f h a z a r d r e s o l u t i o n s . A c e n t r a l i z e d file o r docu-
mentcal 1 ed a "hazard 1og" s h a l l be maintained. The hazard 1 og s h a l l c o n t a i n
as a m i nimum:
a. D e s c r i p t i o no f eachhazard.
b
b. Status o f eachhazard.
f
c. T r a c e a b i l i t y o f r e s o l u t i o n a c t i o n oneachhazardfromthetimethe
hazard was i d e n t i f i e d t o t h e t i m e t h e r i s k a s s o c i a t e d w i t h t h e h a z a r d was
reduced t o a l e v e al c c e p t a b l et ot h e MA. .
105.3 D e t a i l st o be S p e c i f i e d by t h e MA (Reference 1.3.2.1).
105.3.1 D e t a i l s t o be s p e c i f i e d i n t h e SOW s h a l li n c l u d et h ef o l l o w i n g as
appl ica b l e:
(R) a. I m p o s i t i o no fT a s k s 100 and 105.
(R) b. Hazardthreshol d f o r i n c l u s i o n i n t h e h a z a r d 1og.

c. Compl e t e s e t o f d a t a r e q u i r e d o n t h e h a z a r d 1og, incl udi ng format .
d. Procedurebywhichhazardsareenteredintothe 1og.
e. P r o c e d u r eb yw h i c ht h ec o n t r a c t o rs h a l lo b t a i nc l o s e - o u to rr i s k
acceptancebythe MA ofeachhazard.
f. Format,content, and del iv e r y s c h e d u l e o f any d a t a r e q u i r e d .
TASK 205
30 March 1984
105-1
c-5
A
"
.
MIL-STD-882B
TASK 105
30 March1984
TASK 105
30 March1984
105-2
2493
C-6
MIL-STD-BB2B m 9 7 9 7 7 1 1 0357891 6 7 7 m
MIL-STD-882B
30March1984
TASK 106
TEST AND EVALUATION SAFETY
106.1 Purpose. The purpose of Task106 i s to make suresafetyisconsidered

i n t e s t and evaluation,toprovideexistinganalysisreports and other safety
d a t a , and t o respond t o a l l s a f e t y requirementsnecessary for testing
in-house, at other contractor facilities , and a t Government ranges , centers,
or 1 aboratori es.
106.2 Task Description. The contractor s h a l l make surethecontractortest
and evaluation safety activities recommend actions and evaluateactions taken
t o reduceorcorrect CATASTROPHIC andCRITICAL hazards i n the test and eval-
uationenvironment.Specific t e s t and evaluationsafetyactivitytasks shall
i ncl ude the fol 1owi ng:
106.2.1 Test and EvaluationPlanning.Planning for t e s t and evaluation
I
safety from thebeginningofthecontractperiodtoconsiderthefollowing:
a.Test program milestonesrequir i n g completionofhazard analyses, risk
assessments, or other safety studies.
b. Schedule for analysis , eval u a t ion, and approval o f t e s t pl ans,
procedures, and other documents t o make sure safety i s considered d u r i n g a l l
t e s t i ng.
c. That t e s t equipments, install ation of t e s t equipments, and instrumen-
tationareconsidered i n hazard analysesprior t o t e s t start.
d . Meeting specializedrequirementsdesignated by the MA and informing
the MA o f any identified hazards that are unique t o t h e t e s t environment.
106.2.2 Follow-up Actions. I n i t i a t i n g follow-upactiontoinsure completion
of the corrective efforts taken t o reduce or correct test and evaluation
hazard s.
106.2.3 Reports.Maintainingarepositoryof t e s t and evaluation
a hazard/actionstatusreports.
. 106.3 Details to be Specified by the MA (Reference1.3.2.1).

106.3.1 Details t o be specified i n the SOW shallincludethefollowing,as
appl i ca bl e:
(R) a.Impositionof Tasks 100 and 106.
( R ) b. Designation .of applicablespecialized system safety requirements for
t e s t i ng.
(R) c. Scheduleformeetingrequirementsdesignated i n 106.2 above.
d. Format, content, and del iveryscheduleof any data required.
TASK 106
30March1984
106-1
2499
c-7
MIL-STD-8826
TASK 106
30 March 1984
- .
TASK 106
30 March 1984
106-2
Licensed by Information Handling Services C-8 -*

, - " .. ." I
- _" .
MIL-STD-882B
30 March1984
I
c SYSTEMSAFETY
TASK 107
PROGRESS SUMMARY
! 107.1 Purpose. The purpose o f Task 107 i s t o p r o v i d e a p e r i o d i cp r o g r e s s
I report sumari zing the perti nent system safety managementand e n g i n e e r i n g
activitythatoccurredduringthereportingperiod.
107.2 TaskDescription. The c o n t r a c t o rs h a l lp r o v i d e a p e r i o d i cs y s t e m

safetyprogressreportsummarizinggeneralprogress made r e l a t i v e t o t h e
s y s t e ms a f e t yp r o g r a md u r i n gt h es p e c i f i e dr e p o r t i n gp e r i o d , and p r o j e c t e d
workfor .the n e x tr e p o r t i n gp e r i o d . The r e p o r t s h a l l c o n t a i n t h e f o l 1 o w i n g
information:
a. A b r i e f summary o f a c t i v i t i e s , p r o g r e s s , and s t a t u s o f t h e s a f e t y
e
e f f o r t i n r e 1a t i o nt ot h es c h e d u l e dp r o g r a m m liestones. It s h a l l h i g h 1 i g h t
s i g n i f i c a n t achievements and prob1 ems. It s h a l li n c l u d ep r o g r e s st o w a r d
completionofsafetydatapreparedor i n work.
b .N e w l yr e c o g n i z e ds i g n i f i c a n th a z a r d s and s i g n i f i c a n t changes i n t h e
degree o f c o n t r o l o f t h e r i s k o f known hazards.
C. S t a t u so fa l 1recommended c o r r e c t i v ea c t i o n st h a t have n o t been

impl emen ted.
d. S i g n i f i c a n tc o s t and schedulechangesthatimpactthesafetyprogram.
e. D i s c u s s i o no fc o n t r a c t o rd o c u m e n t a t i o nr e v i e w e db ys a f e t yd u r i n gt h e
r e p o r t i n gp e r i o d .I n d i c a t ew h e t h e rt h e documentswereacceptable f o rs a f e t y
c o n t e n t and whetherornotinputstoimprovethesafetyposturewere made.
f. Proposed agenda i t e m sf o rt h en e x ts y s t e ms a f e t yg r o u p / w o r k i n gg r o u p
meeting, i f suchgroupsareformed.
107.3 D e t a i l st o be S p e c i f i e d by t h e MA (Reference L3.2.1).
107.3.1 D e t a i l s t o be s p e c i f i e d i n t h e SOW s h a l li n c l u d et h ef o l l o w i n g , as
appl ica b l e:
(R) a. I m p o s i t i o no fT a s k s 100 and 107.
(R) b. S p e c i f i c a t i o no fp r o g r e s sr e p o r t in gp e r i o d
c.Format,content,anddeliveryschedul e of anydatarequired.
a
TASK 107
30 March1984
107-1
"" -
2501
Licensed by Information Handling Services c-9
..
m 9997911 0359894 3Tb m
. Y
MIL-STD-BBZB
MIL-STD-882B
TASK 107
30 March 1984
T H I S PAGE INTENTIONALLY LEFT BLANK
TASK 107
30 March 1984
107-2
2502
Licensed by Information Handling Services c-10
. . . ~
e MIL-STD-BB2B 9999911 0359895 232 m

MIL-STD-882B
30 March 1984
c; TASK 108
QUALIFICATIONS OF KEY CONTRACTOR SYSTEM SAFETY ENGINEERS/MANAGERS
108.1 Purpose. The purposeof Task 108 i s toestablishqualificationsfor key

contractor system safety engineers and managers.
108.2 Task Description. The contractorshallassign and retainqualified
individuals as key system safetyengineers and managers. Key engineers and
managers arethose who possesscoordinationor approval authorityforcontrac-
tor documenfati on.
108.2.1 Pri nci pal System Safety Engi neer/Manager. Qual i f i cations of the
principal system safetyengineer or manager shall consist of one of each of
the options i n each ofthefol1 owing categories of education, t r a i n i n g , and
8 experience.
a. A minimum o f a Bache1 orofSciencedegree i n engineering, appl i ed or
generalscience,orsafety or business management.
b. Registration as a professionalsafetyengineer i n one of thestates
of the United States, o r c e r t i f i c a t i o n by the Board o f Certified Safety
Professionals i n system safety.
c. Prior experienceasa system safetyengineer on a f u l l -timebasis on
products or systems for a minimum of three (3) years d u r i n g theprecedingten
(10) years i n a t l e a s t one of thefollowingfunctionalareas:
1. System Safety Management
2. System SafetyAnalysis
3. System Safety Design
4. System Safety Research
5. System SafetyOperations
6. System SafetyAdministration
7. System or EquipmentMishap Investigation
8. Human FactorsEngineering
9. Task Analysis
10. Product
Assurance Engineering
11. Re1 i abil i t y Engi neering
TASK 108
30 March1984
108-1
2503 c-11
* . "" .
MIL-STD-BBZB 9999933 035989b 379 m

MIL-STD-882B
30 March 1984
108.2.2 Other Safety Engi neers/Managers

engineers and managers shall be:
. Qual i f i cati ons for other key safety I
a. A minimum of a BachelorofSciencedegree i n engineering,appliedor

generalscience,safety or busi ness management . '
.
b Priordegree re1 ated experience of two (2) years i n a non-safety
f i e l d or one (1) year i n safety.
108.2.3 Waiver for Not Meeting Qualifications. The contractorshall submit a
requestfor waiver i f theprincipal system safetyengineer does not meet the
above qualifications.
108.3.1 Detailsto be specified i n the SOW shall include the following, as
appl ica bl e:
(R) a. Imposi tionof Tasks 100 and 108.
b. Specification of other minimum qualifications.
TASK 108
30 March 1984
108-2
c-12
MIL-STD-882B W 7777733 0357877 O05 W
MIL-STD-882B
TASK SECTION 200
30 March 1984
TASK SECTION 200

DESIGN AND ENGINEERING
-. Y
2505 200-1
Licensed by Information Handling Services C-1 3
m m
I
MIL-STD-8BZB 9999933 0 3 5 9 8 9 8 T 4 1
MIL-STD-882B
TASK SECTION 200
30 March 1984

"t.
200-2
C-14
MIL-STD-882B
30March 1984
TASK 201
PRELIMINARY HAZARD LIST
201.1 Purpose. The purpose of Task 201 i s t o compile a preliminary hazard

l i s t ( P m y e a r l y i n the system acquisition life cycle to enable the MA t o
choose any hazardous areas on which t o p u t management emphasis.
201.2 Task Description. The contractorshall examine the system concept
shogtly after the concept defini t i o n e f f o r t begins andcompil e a PHL
identifying possi bl e hazards t h a t maybe inherent i n thedesign. The
contractor shall further investi gate sel ected hazards or hazardous
characteristi cs identified by the PHL as directed by the MA t o determine t h e i r
significance.
(R) a.ImpositionofTasks 100 and

201.
b. Format, content, and del i very schedul e of ,any data required.
c.Identificationofspecialconcerns.
(. TASK 201
30March 19
201-1
-.
2507
D- 1
" -
TASK 201
30 March1984
-
201 2
D- 2
MIL-STD-882B
30 March 1984
c TASK 202
PR!ELIMINARY HAZARD ANALYSIS
+
202.1 Purose. The purpose o f Task 202 i s t o perform anddocument
p r e l i m i n a r y a z a r d a n a l y s i s (PHA) t o i d e n t i f y s a f e t y c r i t iareas,
hazards, and identify the safety design cri teri a t o be used.
cal
a
evaluate
202.2 TaskDescription. The c o n t r a c t o rs h a l pl e r f o r m anddocument a

p r e lm
i in a r y h a z a r d a n a l y s i s t o o b t a i n an i n i t i a l r i s k assessment o f a concept
o r system, The PHA e f f o r t s h a l l be s t a r t e dd u r i n gt h ec o n c e p te x p lo r a t i o n
phase o r e a r l i e s t 1I f e c y c l e phases o f t h e p r o g r a m so t h a t s a f e t y
c o n s i d e r a t ions a r e in c l uded i n t r a d e o f f s t u d i e s and d e s i g n a l t e r n a t i v e s .
Basedon t h e b e s t a v a i l a b l e d a t a , i n c l u d i n g m i s h a p d a t a f r o m s i m i l a r s y s t e m s
and o t h e r 1essons 1 earned, hazards associated with the proposed design or
f u n c t i o n s h a l l be e v a l u a t e df o rh a z a r ds e v e r i t y ,h a z a r dp r o b a b i l i t y ,a n d
operstionalconstraint.Safetyprovisions and a l t e r n a t i vesneeded t o
eliminate hazards or r e d u c e t h e i r a s s o c i a t e d r i s k t o a 1eve1 a c c e p t a b l e t o
t h e MA s h a l l be considered. The PHA s h a l l c o n s i d e r t h e f o l 1 owing f o r
i d e n t i f i c a t i o n and e v a l u a t i o n o f h a z a r d s asa minimum:
a.Hazardouscomponents (e.g., f u e l s ,p r o p e l l a n t s ,l a s e r s ,e x p l o s i v e s ,
t o x i c substances, hazardous construction materi al S, pressure systems, and
.c
.S
sources).
energy
other
b b. S a rf e tl ayi nt et ed r fcaocnes i d e r a t i o n s among various elements of
.
the system (e .g , m a t e r i a l c o m p a t i b i i lti es, el ectromagnetlc i n t e r f e r e n c e ,
inadvertentactivation,fire/explosiveinitiation
hardware and software control S) . and propagation,and
c. Envi r o n m e n t a l c o n s t r a i n t s in c l u d i n g t h e o p e r a t i n g e n v i r o n m e n t s ( e .g
d r o p ,s h o c k ,v i b r a t i o n ,e x t r e m et e m p e r a t u r e s ,n o i s e ,e x p o s u r et ot o x i c
.,
s u b s t a n c e s ,h e a l t hh a z a r d s ,f i r e ,e l e c t r o s t a t i cd i s c h a r g e ,l i g h t n i n g ,
e l e c t r o m a g n e t i ce n v i r o n m e n t a le f f e c t s ,i o n f z i n g and n o n - i o n i z i n g r a d i a t i o n
in c l u d i n 1 ga s e r r a d i a t i o n ) .
d. Operating,test,maintenanceandemergencyprocedures (e.g.,human
f a c t o r s e n g i n e e r i n g , human e r r o r a n a l y s i s o f o p e r a t o r f u n c t i o n s , t a s k s , and
requirements;effectoffactors such as equipment layout, 1i g h t i n g
,
requirements p o t e n t i a l e x p o s u r e s t o t o x i c m a t e r i a l S , e f f e c t s o f n o i s e o r
r a d i a t i o n on human performance; 1i f e supportrequirements and t h e i r s a f e t y
, and
.
i m p l i c a t i o n s i n manned systems, crash safety, egress, rescue, survival
s a l vage)
e. F a c i l i t i e s ,s u p p o r te q u i p m e n t (e.g., p r o v i s i o n sf o rs t o r a g e ,
assembly, checkout, prooftesti ng of hazardous systemsrassembl ies which may
in c l ude t a x i c, f1 ammabl e, e x p l o s ve, i c o r r o s i ve o r c r y o g e n i c fl u i ds ; r a d i a t i o n
o r n o i s e mi t t e r s ; e l e c t r i c a l power sources) and t r a i n i ng(e.
c e r t i f i c a t i o n p e r t a i n i n g t o s a f e t y o p e r a t i o n s and maintenance 4 .. t r a i n i ng and
i TASK 202
30 March 1984
202-1
,
W"
~.
n-3
.. .. . " - . . ... " . -~
.
MIL-STD-BB2B m 9999911 0359902 2T2
~ .- -
MIL-STD-882B
30 ,March 1984
' f . Safetyrelated equipment, safeguards, and possible a l ternate u

approaches(e.g., interlocks, systemredundancy, hardware orsoftware f a i l
safedesignconsiderations, subsystem protection,firesuppressionsystems,
personalprotective equipment, industrialventilation, and noise or r a d i a t i o n
barri ers ) .
202.3 Detailsto be Specified by the MA (Reference1.3.2.1).
202.3.1 Detailsto be specified i n the SOW shall includethefollowing,as
appl i ca bl e:
(R) a.Imposition of Tasks 100 and 202.
b. Format, content, and delivery schedul e o f any d a t a required,
i ncl udi ng m i nimum hazard probabil i t y and severity reporti ng thresholds .
c. Any selected hazards or hazardous areasto be specifically examined Y
or excluded.
TASK 202
30March 1984
202-2
D-l
MIL-STD-BB2B H 9999911 0359903 139 W
MIL-STD-882B
30 March 1984
TASK 203
SUBSYSTEM HAZARD ANALYSIS
203.1 Purpose. The purposeof Task 203 i s t o perform and document a

subsystemhazard analysis (SSHA) t o identify hazardsassociated w i t h design of
subsystems including component f a i l ure modes, c r i t i cal human error i n p u t s , and
hazards resulting from functional re1 a t i o n s h i p s betweencomponents and
equipments comprising eachsubsystem.
203.2 Task Description. The contractorshall perform and document a
subsystem hazard analysi S t o identify all components and equi pments, i ncl u d i n g
software, whose performance,performancedegradation,functionalfailure, or
inadvertentfunctioningcouldresult i n a hazard or whose design does n o t
satisfycontractualsafetyrequirements. The analysisshallincl ude a
determi n a t i o n o f the modes of f a i l Ure including reasonabl e human errors as
well as sing1 e p o i n t fail ures and the effects on safety when failures occur i n
subsystem components. I f no specificanalysistechniquesaredirected,the
contractorshall o b t a i n MA approvalof technique(s)to be used prior t o
performing theanalysis. The contractorshall update the SSHA when needed as
a r e s u l t of any system designchanges.
203.3 Details t o be Specified by the MA (Reference' 1.3.2.1).
203.3.1 Details t o be specified i n the SOW shallincludethefollowing,as
a ~ pilcab1 e:
( R ) b. Format, content, and del i veryschedul e of any data required i ncl u d i ng
mi nimum hazard severity and probabil i ty reporting thresholds.
c. The specific subsystems t o be analyzed.
d. Specification o f desiredanalysistechnique(s)and/or format.
TASK 203
30 March 1sI84
203-1
D-5
t... - . L . . . - . ._. ..
"
- ". . .
m
~
MIL-STD-882B W 7979911 0357904 075
MIL-STD-882B
TASK 203
30 March 1984
TASK 203
30 March 1984
203-2
Licensed by Information Handling Services ~

D-6
MIL-STD-882B
30March 1984
TASK 204
SYSTEM HAZARD ANALYSIS
204.1 Purpose. The purpose of Task 204 i s t o perform and document a system
hazard analysis (SHA) t o determinethesafety problem areas o f thetotal system
desi gn i ncl u d i ng potenti al safety cri t i cal human errors.
204.2 Task Description. The contractor s h a l l perform and document a system
hazard analysis t o identify hazards and assessthe risk ofthe t o t a l system
desi g n , including software, and specifically o f the subsystem interfaces.
This analysisshallinclude a review of subsystems interrelationshipsfor:
a. Compliance w i t h specifiedsafetycriteria.
b. Possi bl e independent,dependent, and simul taneoushazardousevents
including fail ures of safety devices and common cause t h a t could create a
hazard.
c. Degradation i n thesafetyof a subsystem or thetotal system from
normal operationofanother subsystem.
d. Design changes t h a t affect subsystems.
e.Effects of reasonable human errors.
I f no specificanalysistechniquesaredirected,thecontractor shall o b t a i n
MA approvaloftechnique (S) t o beused prior t o performing theanalysis. The
SHA maybe performed u s i n g similartechniquestothose used forthe SSHA. The
contractor shall update the SHA when needed as a r e s u l t of any system design
changes.

204.3.1 Detailsto be specified i n the SOW shallincludethe f o l l o w i n g , as
appl icabl e:
(R) a. Imposition of Tasks 100 and
204.
b. Format, content, and del i veryschedul e of any datarequi-redincluding
minimum hazard severity and probabil i ty reporting thresholds.
c.Specification of desiredanalysistechnique(s)and/orformat.
TASK 204
30March1984
204-1
252.3
0-7
-
MIL-STD-882B 99999LL 0359906 948 m
MIL-STD-882B
TASK 204
30 March 1984
TASK 204
30 March1984
I
204-2
2514
0-8
MIL-STD-882B
30 March 1984
c TASK 205
OPERATING AND SUPPORT HAZARD ANALYSIS
205.1 Purpose. The purpose of Task 205 i s t o perform anddocument an

operating and support hazard analysis (O&SHA) t o identify hazards and
recommend risk reduction al ternati ves d u r i n g a l l phases of intended systemuse.
205.2 Task Description. The contractor s h a l l perform and document an O&SHA
t o examine procedurallycontrol1 ed a c t i v i t i e s . The O&SHA identi fies and
evaluates hazards resulting from the imp1 ementation o f operations or tasks
performed by persons,considering:the pl anned system configuration/state a t
each phase of activity; the facil i ty interfaces; the planned environments (or
ranges thereof);the s u p p o r t i n g toolsorother equipment specified for use;
operational/tasksequence,concurrenttaskeffects and limitations;
biotechnologicalfactors,regulatory or contractuallyspecified personnel
safety and heal t h requirements; and thepotential for unplanned events
includinghazardsi.ntroduced by
human errors. The O&SHA must identifythe
safety requirements (or a l ternati ves) needed t o eliminate identified hazards,
o r t o reduce theassociated risk t o a 1eve1which i s acceptable under either
regulatoryorcontractuallyspecifiedcriteria. The analysisshallidentify:
a. Activities which occur under hazardous condlit i o n s , t h e i r time
periods, and the actions required t o m i nimi ze r i s k d u r i n g these
acti v i t i es/time periods.
'b. Changesneeded i n functionalordesignrequirements for system
hardware/software, facilities, tooling, or support/test equipment t o eliminate
hazards orreduceassociatedrisks.
c. Requirements forsafetydevices and equipment, including personnel
safety and 1i f e support equipment.
d. Warnings, cautions, and special emergency procedures(e.g.,egress,
rescue,escape,render-safe,back-out,etc.).
e. Requirements for hand1 i ng, storage, transporation, mai ntenance , and
disposal of hazardous materi al s.
f. Requirements forsafetytraining and personnel certification.
The O&SHA documents system safety assessment of proceduresinvol ved i n :
system production,deployment, i n s t a l l a t i o n , assembly, test, operation,
maintenance, servicing, transportation, storage, modification,
demilitarization, and disposal. The contractor s h a l l update the O&SHA when
needed as a r e s u l t of any system designoroperational changes. I f no
specificanalysistechniquesaredirected,thecontractor shall obtain MA
approvaloftechnique(s)to be used prior to performing theanalysis.
TASK 205
30 March 1984
205-1
0-9
MIL-STD-882B
30 March 1984
205.3 Details t o be Specified by the MA (Reference1.3.2.1).

205.3.1 Details t o be specifiedinthe SOW shallinclude the following, as
appl i ca bl e:
(R) a. Imposition ofTasks 100 and 205.
( R ) b. Format, content, a n d del i very schedul e of any d a t a required, including
minimum hazard probabil i t y and severity reporting thresholds.
c.Specification o f desiredanalysistechnique(s)and/orformat.
TASK 205
30 March1984
205-2

i 0-10
MIL-STD-882B
30 March1984
I
c TASK 206
OCCUPATIONAL HEALTH HAZARD ASSESSMENT

l
206.1 Purpose: The purpose of Task 206 i s t o perform and document an occu-
pationalhealth hazard assessment (OHHA) t o identify heal t h hazards and propose
protective measures t o reducetheassociated risk t o a levelacceptable t o the
MA.
206.2 Task Descri p t i on
206.2.1 -An OHHA shall be performed and documented t o identifyhealth hazards
and t o recommend engineering control S , equipment , and/or protecti ve proce-
dures , t o reducetheassociated risk t o a 1 evel acceptable t o the MA.
Specific occupational heal t h hazards and impacts that shall be considered
i ncl ude :
a . Toxi c material s (e.g. , carcinogens or suspected carcinogens , systemic

poisons , asphyxiants and respiratory irritants).
y
b . Physicalagents(e.g.,noise,heat or cold s t r e s s , i o n i z i n g and

non-ionizing r a d i a t i o n ) .
c . System, facil i t y and personnel protective equipment design
requirements(e.g.,ventilation,noiseattenuation, r a d i a t i o n barriers,etc.)
t o all ow safeoperation and maintenance. When feasibleengineeringdesigns
are n o t a v a i l ab1 e t o reduce hazards t o acceptable levels , al ternati ve
protective measures must be specified(e.g.,protectiveclothing,specific
operation or maintenance practices t o reduce r i s k t o an acceptable 1 evel ).
206.3 Details t o be Specified by the MA (Reference 1.3.2.1). .
206.3.1 Details t o be speci'fied i n the SOW shall includethe f o l l o w i n g as

appl i ca bl e:
(R) a.Imposition o f Tasks 100 and 206.
-.
b. Format y content, and deliveryschedule of any d a t a .required.-
TASK 206 f
30 Mqrch 1984."
206-1
1 14 69
.( MIL-STD-882B
. TASK 206
30 March 1984
TASK 206 .
' 30 March 1984
206-2
0-12
. "
MIL-STD-882B
30 March 1984
c TASK 207 .
SAFETY VERIFICATION
=.
.. . - ..
207.1 Purpose. The purposeof Task 207 i s t o define and perform t e s t s and
demonstrations or use other verification methods on s a f e t y c r i t i c a l hardware,
software, and procedurestoverify compliance w i t h safetyrequirements.
207.2 Task Description. The contractorshalldefine and perform t e s t s ,
demonstrations, or otherwiseverifythe compliance w i t h safety requirements on
s a f e t y c r i t i cal(defined by the MA) hardware, software, and procedures.
Induced or simulated f a i l uresshall be considered t o demonstratethefailure
mode and acceptabilityofsafetycritical equipment and software. Where
hazards are identi f i ed d u r i n g the deve1opment e f f o r t and i t cannot be
determined by analysisorinspection whether theactiontaken will adequately
* reducethe risk, safety tests shall be conducted toevaluatetheeffectiveness
o f theactionstaken. SSPPs and t e s t program plans s h a l l be revisedto
includethesetests. Where costsforsafetytesting Wou1 d be p r o h i b i t i v e , .
safety characteristics or procedures may be verified by engineeringanalyses,
analogy, 1 aboratory test, functional mockups, or subscale/model simulation,
when approved by the MA. Specificsafetytestsshall be integratedinto
appropriate system t e s t and demonstrationplans t o the maximum extent
possible.Testplans,testprocedures, and results of alltestsincluding .
designverification,operationalevaluation,technical d a t a validation and
.rc" verification, productionacceptance., and shelf-life validation shall be
L reviewed t o make sure:
a . Safety o f thedesign i s adequatelydemonstrated(includingoperating
and maintenance procedures), i nc] u d i ng v e r i f i c a t i o n of safety devi ces, warning
devi ces, etc. for a l l CATASTROPHIC hazards n o t eliminated by design.
b. Results of safetyevaluations o f the system are included i n thetest
and eval u a t i on reports.
207 .3 Details t o be Specified by the MA (Reference 1.3.2.1).
207.3.1 Details t o be specifiedinthe SOW shall includethefollowing,as
a p p l i cab1 e:
(R) a.Imposition o f Tasks 100 and 207.
(R) b . Definition of safetycriticaloridentification o f safetycyitical
equipment and procedures.
i c. Deve1opment of or i n p u t s t o t e s t pl ans,procedures and reports to
verify safety requirements.
d. Format, content, and deliveryscheduleof any d a t a required.
~
TASK 207
30 March1984
207-1

MIL-STD-BB2B m 9999933 0359932 143 m
MIL-STD-882B
TASK 207
30 March1984
TASK 207
30 March1984
"
~_" __ - -
I
207-2
2220
Licensed by Information Handling Services 0-1 4
MIL-STD-882B
30March 1984
c TASK 208
TRAINING
208.1 Purpose. The purpose of Task 208 i s t o provide training for necessary
c e r t i f i c a t i o n of contractor andGovernment personnel who will be i n v o l ved w i t h
contractor activities i n such subjectsas hazard types and theirrecognition,
causes, effects, and preventive and control measures;procedures, check1 i s t s ,
and human error; safeguards, safety devi ces, protecti ve equi ment ; moni tori ng
and warni ng devi ces; and conti ngency procedures.
208.2 Task Descri p t i on.
208.2.1 T r a i n i n g ofTest,Operating, and Support Personnel. The contractor
shall conductasystem safety training program for c e r t i f i c a t i o n of t e s t ,
1 operating and support personnel. Approved safety procedures shall be included
i n instruction 1esson pl ans and student exami nation for the training o f
engi neeri ng , techni ci an, operati ng, and maintenance personnel . Contractor
test, operations, and f i e l d support personnel shall be c e r t i f i e d as having
completeda trainingcourse i n safetyprinciples and methods. Specific
certificationrequirementsshall be established by a program c e r t i f i c a t i o n
board t h a t includesthe system safety manager asa member.
208.2.2 TrainingofPersonnel Invol ved i n Design, Deve1 opnent , and
Production. The contractor shall deve1op safetytraining programs using
.
r e s u l t s o f system and operating hazard analyses, and shall provi de for
specific types and 1 eve1 s o f contractor personnel : i .e , managers, engi neers,
and techniciansinvolved i n design,productassurance, t e s t , and production.
208.2.3 Training of Government Personnel. Contractor safety t r a i n i n g shall
al so i ncl udeGovernment personnel who will be i n v o l ved i n contractor
activities.
208.3.1. Detailsto be specified i n the SOW shallincludethefollowing, as
appl i ca bl e:
(R) a. Impositionof Tasks 100 and
208.
b. Format, content, and deli veryscheduleof any d a t a required.
TASK 208
30March 1984
208-1
c
E-1
flIL-STD-8828
TASK 208
30 March 1984
.. .
TASK 208
30 March 1984
208-2

, MIL-STD-882B
30 March' 1984
TASK 209
SAFETY ASSESSMENT
209.1 Purpose. The purpose o f Task 209 i s to perform anddocumenta

comprehensive evaluation of the mishap risk being assumed p r i o r t o t e s t or
operation of a system or at contract completion.
209.2 Task Description. The contractorshall perform and documenta safety
assessment to identify all safety features of the hardware, software, and
systemdesign and toidentifyproceduralhazardsthat may
be present i n the
system being acquired i ncl u d i ng s p e c i f i c procedural control S and precautions
t h a t should be fol1 owed.The safetyassessmentshall summarize:
a. The s a f e t y c r i t e r i a and methodology used t o cl assify and rank
hazards.
b. The analyses and t e s t s performed toidentifyhazardsinherent i n the
system,including:
1. Those hazardsthat s t i l l havea residual risk, and theactions
t h a t havebeen taken t o reduce the associated risk t o a1 eveicontractually
s peci f i ed as acceptabl e.
2. Results of tests conducted t o val i d a t e s a f e t y c r i t e r i a
requirements and analyses.
c. The resultsofthesafety program efforts.Include a l i s t of a l l
significanthazardsalong w i t h s p e c i f i c s a f e t y recommendations or precautions
requiredtoensuresafety o f personnel and property.Categorizethe l i s t of
hazardsasto whether or not they may be expected under normal or abnormal
operati ng condi t i ons .
d. Any hazardousmateri alsgenerated by o r used i n thesystem,
including:
1. Identification o f materialtype,quantity, and potentialhazards.
2. Safetyprecautions and proceduresnecessary d u r i n g use,storage,
transportation, and disposal.Includeallexplosiveshazardclassification
data deve1 oped i n accordance w i t h Expl osi ves Hazard C l assi f i cation Procedures.
3. A copy of the MaterialSafety Data Sheet (OSHA Form 20 o r
DD Form 1813).
e. Conclude w i t h a signed statementthatallidentifiedhazards have
been eliminatedor their associated risks controlled t o levels contractually
specified as acceptable, and t h a t the system i s ready t o t e s t or operate or
proceed t o the next acquisition phase.Inaddition, the contractorshall make
TASK 209
30 March 1984
209-1
"
2523 E-3
" _
MIL-STD-882B
30 March 1984
,
- .>
r.ecommendations appl icabl e t o hazards attheinterfaceof his system w i t h the ...

. *-
I
other;system(s)ascontractuallyrequired.
209.3. Detailsto be Specified by the MA (Reference1.3.2.1).
.. 209.3.1 .Detailsto be specified i n the SOW shallincludethefollowing,as
app1.i ca ble:
(R)' a.Imposition ofTasks 100and209.
b. Format, content, and del ivery
schedule of
any data red.
. -
TASK 209
30 March1984
209-2
2524
Licensed by Information Handling Services -4
MIL-STD-BB2B 9999933 0359937 723
MIL-STD-882B
30 March1984
I'
TASK 210
SAFETY COMPLIANCE ASSESSMENT
210.1 Purpose. The purpose of Task 210 i s t o perform and document a safety
5 compliance assessment t o verify compliance w i t h mil i t a r y , federal , n a t i o n a l ,
and industry codes imposed contractually or by 1 aw t o ensuresafedesign of a
system, and t o comprehensively evaluate the safety risk being assumed prior t o
t e s t or operation o f a system or a t contract compl e t i on.
210.2 Ta.sk Description. The contractorshall perform and document a safety
compl i ance assessment t o identify anddocument compl i ance w i t h a p p r o p r i ate
desi gn and operational safety requirements. The assessment i d e n t i f i esthe
contractually imposed standards,specifications, and codes appropriate t o the
safety of the system and documents compl iance w i t h theserequirements. The
assessment. incl udes necessary hazard anal ysi S , desi gn drawi ng and procedural
reviews, and equipment inspections. The assessment shallincorporatethe
scope and techniques of PHA, SSHA, SHA, and O&SHA t o theextentnecessary to
assurethesafedesign,operation, maintenance , and support o f thesystem. A
safety compl iance assessment shall :
a . Identify contractual mil i tary, federal , n a t i o n a l , and industry safety
specifications,standards, and codes applicable t o the system and document
compl ianceofthedesign and procedures w i t h theserequirements.
b. Identify and evaluateresidual hazards inherent i n the system or t h a t
a r i s e from system-unique i n t e r f a c e s , i n s t a l l a t i o n , t e s t , o p e r a t i o n , maintenance,
or support.
c. Identify necessary special ized safety desi gn features , devi ces ,
procedures , s kill s , trai n i ng , facil i t i es , support requi rements , and personnel
protecti ve equipment.
d. Identify hazardous materials and theprecautions and procedures
necessary for safe storage , hand1 i n g , transport , use, and disposal of the
materi al .
210.3.1 Detailsto be specified i n the SOW shall -includethe f o l l o w i n g , as
appl i ca bl e:
(R) a. Impositionof Tasks 100 and 210.
b. Format, content , and delivery schedul e of any d a t a required,
i
TASK 210
30 March1984
21 0-1
,
2525 -S
MIL-STD-882B
TASK 210
30 March 1984
I.
J
TASK 210
30 March 1984
210-2
-.. ,
~
2526
~
Licensed by Information Handling Services -S

MIL-STD-882B
30 March1984
TASK 211
SAFETY REVIEW OF ENGINEERING CHANGE PROPOSALS AND

REQUESTS FOR DEVIATION/WAIVER
211.1. Purpose. The purpose o f Task211 i s t o p e r f o r m anddocument analyses

o f e n g i n e e r i n g changeproposals (ECPs) a n dr e q u e s t sf o rd e v i a t i o n / w a i v e rt o
determinethesafetyimpactonthesystem.
211.2 TaskDescription.
211.2.1 ECP E v a l u a t i o n s . The c o n t r a c t o rs h a l al nalyze each ECP t od e t e r m i n e

t h eh a z a r d sa s s o c i a t e dw i t h it, a s s e s st h ea s s o c i a t e dr i s k , and p r e d i c t t h e
safetyimpactofthe ECP o n t h e e x i s t i n g system. The b a s i s f o r d e t e r m i n i n g
t h a t no hazardsareintroducedbythe ECP must be explained and anynecessary
s u p p o r t i n ge v i d e n c ei n c l u d e d i n theevaluationdocumentation. When an ECP i s
determined to decrease the 1eve1 o f s a f e t y o f t h e e x i s t i n g system, t h e MA must
be so n o t i f i e d .
211.2.2 Requests f o rD e v i a t i o n / W a i v e r . The contractorshall,analyzeeach

requestfordeviation/waivertodetermi ne thehazards and a s s e s s t h e r i s k o f
t h ep r o p o s e dd e v i a t i o nf r o mo rw a i v e ro f a r e q u i r e m e n t ,o r a s p e c i f i e d m e t h o d
o r process. The change i n t h e r i s k i n v o l ved i n a c c e p t i ng t h e d e v i a t i o n o r
w a i v e rs h a l l be i d e n t i f i e d . When t h el e v e lo fs a f e t yo ft h es y s t e m w i
l be
r e d u c e db yd e v i a t i o nf r o m or w a i v e r o f t h e r e q u i r e m e n t , method, o r process,
t h e MA mustbe so n o t i f i e d .
211.3. D e t a i l st o b eS p e c i f i e db yt h e MA (Reference 1.3.2.1).

211.3.1 D e t a i l st o be s p e c i f i e d i n t h e SOW s h a l li n c l u d et h ef o l l o w i n g , as
appl icab1 e:
(R) a. I m p o s i t i o no f Tasks100and 211.
b. Format,content,anddeliveryschedul e o f anydatarequired.
TASK 211
30 March1984
211-1
-.
E-?
MIL-STD-882B
TASK 211
30 March1984
TASK 211
30 March1984
211-2
2528 E-8
LLicensed by Information Handling Services
MIL-STD-882B
30 March 1984
TASK 212
SOFTWARE HAZARD ANALYSIS
212.1 Purpose. The purpose of Task 212 i s t o perform anddocument a software

hazard analysis t o identify hazardous conditions incident t o safety cri t i cal
operator information and commandand controlfunctionsidentified by the PHA,
SSHA, .SHA, or other efforts.
212.2 Task Description, The contractor s h a l l perform and document software
hazard analysis. on safety critical software-control1 ed functions t o identify
software errors/paths whichcou1 d cause unwanted hazardous condi t i ons.
212.2.1 PreliminarySoftware Hazard Analysis. These e f f o r t s shall examine
softwaredesign t o identify unsafe inadvertent cornmand/failUre-to-commandmodes
for resolution. This effortshall be.accomplished by tracingsafetycritical
operator information and commands t h r o u g h flow charts y storage allocation
charts , software and hardware specifications , and other appl icabl e
documentati on.
212.2.2 Fol1 ow-on Software Hazard Analysis. These effortsshall examine
software and i t s system interfaces for events, faults y and occurrences such as
i
t i m i n g which could-cause or contri bute t o undesi red events affecting safety.
This effort shall be accomplished by tracing safety cri t i cal operator
information andcommands through source/object code throughsystem simulation
and through other appl i cab1 e documentation. Safety cri t i cal programs/modul es
. shall be analyzed for sensitivity t o software or hardware f a i l ures ( b i t
transformatio.n,.register perversion,interfacefailures,etc.) which could
causethe system t o operate i n a hazardous manner.
212.3.1 Details to be specified i n the SOW shallincludethe f o l l o w i n g , as
a p p l icabl e:
(R) b. Defi n i t i o n of s a f e t y c r i t i cal .
c. Format , content, and delivery schedul e of any d a t a required.
d. Degree of fault-to1erance for Category I and I I hazards.
/ TASK 212
30 March1984
. 212-1
.r
.
--------
2529
99
.2. . J-. .
MIL-STD-882B
TASK 212
30 March1984

. .
TASK 212
30 March1984
21 2-2

MIL-STD-882B
30 March 1984
TASK 213
GFE/GFP SYSTEM SAFETY ANALYSIS
213.1 Purpose. The purpose o f Task 213 i s t o make sure system safety
analyses for GFE/GFP are considered for integrati on into the system.
213.2
Task Description. The contractorshallidentifythesa f ety crit i cal
performance and design d a t a needed t o incorporatethe GFE/GFP i t ems.
213.2.1 Ifthe d a t a i s available and i s t o be supplied by the MA, the
contractor shall :
a.Identifythe system safetyanalyses t h a t are needed, a nd when these
analysesare needed.
c
b. Identify t o the MA any additional system safetyanalyses t h a t are
needed for interfaces between t h e GFE/GFP and the .rest o f thesystem.
c. Perform theanalysis upon receipt of MA approval t o do so.
a . Develop and submit t o the MA a proposed method for determining needed

safety-critical d a t a by a n a l y s i s ,t e s t , and/orinspection. ,
b. Imp1ement the approved method upon receipt of MA approval t o do so.

(R) a. Imposition of Tasks 100 and 213.

( R ) b. Definition of s a f e t yc r i t i c a l .
c. Format , content , and del i very schedule for any d a t a required
i ncl udi ng mi nimum hazard severity and probabil i ty reporti ng thresholds .
! TASK 213
30March 1981
213-1
2532
E-11
," ..~ .. -
MIL-STD-BB2B
MIL-STD-882B
TASK 213
30March1984
TASK 213
30March1984
213-2
,-- - "" -
2532
MIL-STD-BBZB m 9 9 9 9 9 3 3 0359925 B T T m
MIL-STD-882B
APPENDIX A
30 March1984
Appendix A
GUIDANCE FOR IMPLEMENTATION OF
SYSTEM SAFETY PROGRAM REQUIREMENTS
10. GENERAL. System safety i s theelement ofsystems engineering i n v o l v i ng

theapplication of scientificand,engineeringprinciples for thetimely
identification of hazards and i n i t i a t i o n o f theactionsnecessary to
eliminatehazards or reduce theassociated risk t o an acceptablelevel w i t h i n
the system. I t draws upon professional knowledge and specializedskills i n
the mathemati cal , physical , and re1 ated s c i e n t i f i c d i s c i pl i nes, together
w i t h the pri ncipl es and. methods of engi neeri ng design and anal ysi S t o
specify,predict, and evaluatethesafety o f the system. The degree o f
safety achieved in a system i s d i r e c t l y dependent upon the emphasis given.
This emphasis must be applied by the. Government and contractors d u r i n g a l l
phases o f the, 1i f e cycl e. Design s a f e t y i s a prelude t o operationalsafety
and the goal i s t o produce an inherentlysafe product t h a t will have the
minimum operationalsafetyrequirements or r e s t r i c t i o n s .
10.1 Scope. This appendix provides rationale and guidance for the
selection o f requirements and tasks t o f i t the needs o f any system safety
program, and identifiesapplicable d a t a items for documenting theresults of
requiredtasks.
10.2 Purpose (Reference Paragraph 1.1). Provision for a system safety
program asdefined by this standard should be included i n allapplicable
contractsnegotiated by DoD. These contractsincludethosenegotiated
within each DoD agency, by one DoD agency foranother, and by DoD for other
Government agencies. I n a d d i t i o n , each DoD in-house program shouldconduct
a system safety program. Thisappendix i s t o be used t o t a i l o r system
safety requirements i n the most cost effective manner t h a t meets established
program objectives. However, i t i s not intended t o be referencedor imple-
mented incontractual documents.
10.3 User. The user of this appendix may includethe DoD MA, Government
in-houseactivity, prime contractors,associatecontractors, or subcontrac-
tors, who wi sh t o impose system safety tasks upon t h e i r suppl i e r ( s ) .
10.4 Contractual Requirements.. Thisstandard i s t o be tailored and incor-
porated i n the l i s t o f compliance documents. Tailored system safety program
requirements are specified. i n the contractual provisions- including the SOW,
bidders'instructions,contract d a t a requirements l i s t , general and special
provisionsections,annexes, and othercontractual means. An SSPP may be
submitted w i t h thecontractor's proposal and be subjecttocontract nego-
t i a t i o n . Upon approval by the MA, this SSPP should be attachedtothe
contract, referenced i n the SOW, and w i t h appl i cab1 e portions of this stan-
dard become thebasisforcontractualrequirements.
10.5 Managing ActivityResponsibilities. The MA will:
a.Establish,plan,organize, and implement an effective system safety
program t h a t i s integrated i n t o a l l l i f e c y c l e phases.
A- 1
E-13
MIL-STD-BBZB m 99999LE 0359926 736 m
MIL-STD-882B
APPENDIX A
30 March 1984
b. Establ ish defi nitive system safety program requirements for the
procurement or development of a system. The requirements shall be s e t forth
clearly i n theappropriate system specifications and contractual documents
and def i ne :
1. In theappropriate system specifications,the system safety
designrequirements t h a t are a v a i l able and applicable, and the specific risk
1 evel s consi dered acceptable for the system. Acceptabl e r i s k 1 evel s maybe
defined i n terms of a hazard severi t y l h a z a r d probabil i t y matrix, an overall
system mishap rate, or other suitable risk assessmentprocedures.
2. In the SOW, the system safety requirements t h a t . cannot be
defined i n the system specifications. This would includegeneraldesign
guidelines i n paragraph 4.3.
3. In the SOW and contract d a t a requirements 1 i s t asapplicable,
thespecifiedsafety d a t a ; e.g.,analyses,tests,orprogressreports that
will be requiredduringthescopeoftheeffort.
c. Ensure t h a t an SSPP i s prepared t h a t reflects i n detail how the
total program i s t o be conducted.
d . Review and approve for impl ementationthe SSPPs prepared by the
contractor.
e. Supply historicalsafety d a t a as available.
f . Monitor contractors' system s a f e t ya c t i v i t i e s and review and
approve del iverable d a t a , i f applicable, t o ensureadequate performance and
compliance w i t h system safetyrequirements.
g . Ensure t h a t theappropriate system specificationsare updated t o
ref1 ect results of analyses, tests, and evaluations.
h . Eva1 uate new desi gn c r i t e r ia for i ncl usi on into mil i tary speci fi ca-
tions and standards and submit recommendations t o therespectiveresponsible
organization.
i . Establish system safety groups asappropriate t o assistthe program
manager i n developing and impl ementing a system safety program.
j . Establish work breakdown structure elements a t appropriatelevels
for system safety program mandgement and engineering.
20. REFERENCED DOCUMENTS. Referenced documents are not includedherein.
Referenced documents required t o suppl ernent t h i s mil i t a r y standard are
specified i n the system specifications and othercontractual documents.
30. SYSTEM SAFETY REQUIREMENTS. Section 4, System Safety Requirements, pro-
vides basic system safety requirements most DoD systems and facil i t i e s
acquisition programs shouldmeet. Task 100, which implements Section 4,
must be imposed as a s i ngl e generaltask t o instruct the contractor t o con-
duct a system safety program. I t can be tailoredto f i t the differenttypes
A-2

E-14
- "
. .
MIL-STD-BBZB m 77777LL 0357727 672 W
~~
MIL-STD-882B
APPENDIX A
30 March 1984
and sizes of programs.. Additionaltasks i n section 100 and 200 orother

specific tasks n o t i n this standard, must also be detailed i n the SOW t o
f u l f i l l specific needs of i n d i v i d u a l programs.
30.1 System Safety Program Objectives and Design Requirements (Reference
paragraphs 4.2 and 4.3). These areverybasic program objectives and
desi gn requirements needed t o meet the objectives, and are appl icabl e t o
most DoD systems and f a c i l i t i e s a c q u i s i t i o n programs.
30.2 System Safety Precedence (Reference paragraph 4 . 4 ) .
30.2.1 The overall goal of a system safety program i s t o designsystems that
do not contain hazards. However, thenature of mostcomplex systems makes i t
impossible or impractical t o design them completelyhazard-free. As hazard
analysesare performed,hazards will be identified t h a t will requireresol u-
t i o n . System safety precedence defi nes theorder t o be f o l 1 owed for
.
sati sfyi ng system safety requi rements and reducing ri s ks The al ternati ves
for eliminating the specific hazard or controlling its associated risk will
have t o be evaluated so that an acceptabl e method for risk reduction can be
agreed t o .
30.2.2 Hazard identification,categorization, and correctiveactions
will need t o proceed t h r o u g h design,developnent, and testing o f a l l
development phases. Assessment of r i s k will be necessary i n determi ni ng
what correctiveactions should be taken. Whatever level of hazard risk
reduction if taken must be thoroughly j u s t i f i e d i n a l l cases.
30.3 Risk Assessment (Reference paragraph 4.5).
30.3.1 To determine what actions t o take t o correctidentifiedhazards, a
system of determiningthe 1 evel of r i s k involved must bedeve1 oped. A good
risk assessment model willenabledecision makers t o properlyunderstandthe
amount of risk involved re1 a t i v e t o what i t will cost i n schedule and
dol 1 ars to reduce that risk t o an acceptabl e 1 evel .
30.3.2 To eliminateas many hazardsasppssible,prioritize hazards for
correctiveaction. A categorization of hazards may be conducted according t o
risk 1 evel c r i t e r i a. Categorization may be based on severity since n o t a l l
hazards are o f equalmagnitude. or cri t i cal i t y t o personnel safety and mission
success. In some cases,theanticipated consequences of hazardousevents may
be minimal,while i n others,catastrophic. Hazard categorizati-on may also
involve the determination of the 1i kel i hood of the hazardous event actually
occurring. This may be reported i n non-numeric (qualitative)terms, such as
frequent, occasional , or impossi bl e; or i n numeric ( q u a n t i t a t i ve) terms such
as once i n ten thousand f l i g h t s , or 1 X 10'4/fl i g h t . Priori t i z a t i o n may be
accomplished either subjectively by qualitativeanalysesresulting i n a com-
parative hazard risk assessment or through quantification o f theprobability
o f occurrence resul t i ng i n a numeric priority factor for t h a t hazardous con-
d i t i o n . Figures 1 and 2 show two sample matrices for hazard r i s k assessment
whichcan be appl ied t o provide qual i t a t i ve p r i o r i t y factors for assigning
correctiveaction. In the f i r s t matrix an identified hazard assigned a hazard
risk indexof l A , l B , l C , ?A, 2B, or 34 m i g h t require immediate corrective
A-3
F-1
MIL-STD-882B
APPENDIX A
30 March1984
FIGURE 1. FIRST EXAMPLE HAZARD RISK ASSESSMENT MATRIX
HAZARD CATEGORIES
II I II I IV
FREQUENCY OF OCCURRENCE CATASTROPHIC CRITICAL MARGINAL NEGLIGIBLE
( A ) FREQUENT 1A 2A 3A 4A
( B ) PROBABLE 1B 28 3R 4B
( C ) OCCASIONAL . 1c 2c 3c 4c
( D ) REMOTE 1D 2D 3D 4D
( E ) IMPROBABLE I 1E 2E 3E 4E I
Hazard Risk
Suggested
Index Criteria
lA, lB, l C , 2A, 2B, 3A Unacceptabl e
l D , 2C, 2D, 38, 3C Undesi rabl e (MA decision
required)
lE, 2E, 3E,
3D, 4A, 4B Acceptable w i t h review by MA
4C, 4D, 4E Acceptabl ereview
without
FIGURE 2. SECOND EXAMPLE HAZARD RISK ASSESSMENT MATRIX
HAZARD CATEGORIES
III I II IV
FREQUENCY OF OCCURRENCE CATASTROPHIC CRITICAL MARGINAL NEGLIGIBLE.
(A) FREQUENT 1 3 7 13
(B) PROBABLE 2 5 9 16
(C) OCCAS IONAL 4 6 11 18
(D) REMOTE 8 10 14 19
, (E) IMPROBABLE 20 117

2 15
Hazard Risk Index Suggested Cri t e r i a
1 - 5 Unacceptable
6 - 9 Undesi rabl e (MA deci si on requi red)
10 17 - Acceptable w i t h review by MA
18 20 - Acceptabl e without review
A-4
-____
2535
f-2
I
. .~ - I i
" ~ ~ ~~~
MIL-STD-BBZB H 9999933 0359929 4 4 5 . _ - .
MIL-STD-882B
APPENDIX A
30 March 1984
c . adti on. A hazard risk index of l D , 2C, 2D, 3B, or W

possiblecorrectiveaction.
3Cou1 d be tracked for
A hazard risk index o f lE, 2 E , 30, o r 3E m i g h t
have a 1ower priority for corrective action and may n o t warrant any tracking
actions. I n the second matrix, risk indices of 1 t h r o u g h 20 (1 being highest
risk)areassigned somewhat a r b i t r a r i l y . This matrix designassigns a d i f -
ferent index t o each frequency-category p a i r thus a v o i d i n g the situation
caused by creatingindicesasproducts of numbers assigned t o frequency and
category which causes common results such as 2 X 6 = 3 X 4 = 4 X 3. This
situation hidesinformationpertinentto p r i o r i t i z a t i o n . These are only
exampl esof a r i s k assessment methods and do not f i t a l l programs.
30.4 .Action on Identif4ed Hazards (Reference p a r a g r a p h 4.6). The contrac-
tor i s r e w i r e d t o f o l 1 ow the svstem safety precedence t o resol ve
CATASTROPHIC and CRITICAL hazards, and g u a r d ' against MARGINAL hazards.
40. TASK SELECTION
40.1 Selection
Criteria
40.1.1 A major challenge which confrontsall Government and industry
organizationsresponsible for a system safety program i s theselectionof
tasks whichcan materially a i d i n attaining program safetyrequirements.
Schedule and f u n d i n g constraints mandate a cost-effective selection, one
t h a t i s based on identified program needs. The considerationspresented
hereinareintendedto provideguidance and rationale for this selection.
They are a l s o intended tojogthe memory for lessonslearned t o provoke
questions whichmustbe answered and t o encouragedialogue w i t h other
engineers, and operations and supportpersonnel so t h a t answers t o questions
and solutions t o prob1 ems canbe found.
40.1.2 Once appropriatetasks havebeen selected,thetasks themselves must
be tailored and specifiedasoutlined i n the"Details To Be Specified By the
MA." I t i s a l s o important t o coordinatetaskrequirements w i t h otherengi-
neeringsupportgroups, such as l o g i s t i c s s u p p o r t , r e l i a b i l i t y , e t c . , t o
eliminate dupl i cation of tasks and t o be aware o f any a d d i t i o n a l information
o f value t o system safety which theseother groups can provide.Finally,
c the t i m i n g and depthrequiredfor each task, as well as actionto be taken
based on t a s k outcome, are 1argely dependent on individualexperience and
program requirements. For thesereasons, hard and fastrulesare not
stated.
40.2 Application Matri x for Program Phases. Tab1 es I and I I hereinprovide
qeneralquidance on taskselection t o establish an acceptable and costeffec-
i i v e system safety program. These tables can be used to i n i t i a l l y i d e n t i f y
thosetasks which typically are included i n an effective system safety program
for the p a r t i cul ar acquisition phase i n v o l ved. The user of the documentcan
then refer t o the particular t a s k referenced by thematrix and determine from
thedetail ed purpose at the beginning o f the t a s k i f i t i s appropriate t o
identify as a. program task. The use of this matri x for devel opi ng a system
safety program i s t o be considered as o p t i o n a l guidance only and i s not t o be
construedascovering a l l procurement situations. The provisions of a p p l i -
cab1 e regulations must al so be f o l 1 owed.
A-5
~ "" - -
-.
1531
F-3
. . . .
MIL-STD-BAZB m 99999LL 0359930 L b 7 m
MIL-STD-882B
APPENDIX A
30 March1984
TABLE 1. APPLICATION
MATRIX FOR SYSTEM PROGRAM DEVELOPMENT
TASK " PROGRAM PHASE
TASK TITLE TYPE CONCEPT VALID FSED PROD
100 System S a f e t y Program MGT G G G G
101 System S a f e t y Program Plan MGT G G G G
1o2 Integration/ManagementofAssociate MGT S S S S
contractors,Subcontractors, and
AE Firms
103 System S a f e t y ProgramReviews M GT S S S S
104 SSG/SSWG Support MGT G G G G
105 Hazard Tracking and Risk Resol ution M GT S G G
106 Test and EvaluationSafety G MGT G G G
107 System Safety Progress Summary MGT G G G
108 Qualifications of Key System S a f e t y MGT S S S S
Personnel
201 Prel imi nary Hazard List EN G G S S N/ A
202 Prel imi nary Hazard Analysi S ENG G G G GC
203 SubsystemHazardAnalysis ENG N/A G G GC
204 SystemHazard Analysis EN G G N/ A G GC
205 Operating and Support Hazard ENG S G G GC
Analysis
206 Occupational Heal t h Hazard G ZNG
G G GC
Assessment
207 Safety Verification EN G GS G S
208 Trai n i ng MGT N/A S S S
209 S a f e t y Assessment MGT S S S S
21 o S a f e t y Compl iance Assessment MGT S S S S
211 S a f e t y Review of ECPs and Waivers MGT G N/A G G
212 Software Hazard Analysis ENG S G G GC
21 3 GFE/GFP System Safety Analysi S ENG S G G G
Notes: TASK TYPE APPLICABILITYCODES
ENG - System Safety Engineering S - Sel e c t i vel y Appl i cabl e
MGT - Management
G - General 1 y Appl icabl e
PROGRAM PHASE
GC - General 1 y Appl i cabl e To Desi gn
CONCEPT - Conceptual Changes Only
VALID - Val i d a t i o n N/A - NotAppl icabl e
FSED - Fu1 1-Scal e Engi neeri ng Deve1 opment
PROD - Production
A-6
Licensed by Information Handling Services F-4

MIL-STD-BBZB 99999330359933 OT3
MIL-STD-882B
APPENDIX A
30 March 1984
TABLE 2. APPLICATION
MATRIX FOR FACILITIES
ACQUISITION
TASK PROGRAM PHASE
TASK TITLE TYPE
"
P&R DEV CON DES FIN DES CON
1O0 System Safety Program MGT G G G G
101 System Safety Program Plan MGT S G G S
102 IntegrationIManagementofAssociate MGT S S S S
Contractors,Subcontractors, and
AE Firms
103 System Safety Program Reviews MGT G G G G
104 SSGISSWG Support MGT G G G G
105 Hazard Tracking and Risk Resol u t i o n MGT G G G G
106 Test and EvaluationSafety MGT G G G G
107 System SafetyProgress Summary MGT S S S S
108 Qualifications of Key System Safety MGT S S S S
Personnel
201 Prel iminary Hazard List ENG G NIA NIA N/A
202 . Prel imi nary Hazard Analysi S EN G G S NIA NIA
203 Subsystem Hazard Analysis ENG NIA S G GC
204 SystemHazard Analysis ENG NIA 6% G GC
205 Operating and Support Hazard EN G S G G GC
Anal ysi S
206 Occupational Heal t h Hazard ENG G S NIA NIA
Assessment
207 Safety Verification ENG NIA S S S
208 Trai n i ng MGT S S S S
209 Safety Assessment MGT NIA S G S
21 o Safety Compl i ance Assessment MGT NIA S S S
21 1 Safety Review of ECPs and Waivers M GT S S S S
21 2 Software Hazard Analysi S EN G S S S GC
213 GFE/GFP System Safety Analysis ENG S S S S
Notes: TASK TYPE APPLICABILITY CODES
ENG - System SafetyEngineering S - S e l e c t i v e l y Appl icabl e
MGT - Management
G - Generally Appl i cabl e
PROGRAM PHASE
GC - Generally Applicable To Design/
P&R DEV - Programming and Requirements Construction ChangesOnly
Deve1 opnent
N/A - Not Appl i cabl e
CON DES - ConceptDesign
FIN DES - Final Design
CON - Construction
A-7
"
"%
-
2539 F-5
MIL-STD-BB2B W 9999933 0359932 T 3 T
NIL-STD-882B
APPENDIX A
30 March 1984
40.3 Task Prioritization. The problem of prioritizing or establishing a

baseline group from a l l the tasks in this document cannot be solved un1 ess
vari ab1 es 1 i ke system complexity, program phase, a v a i l a b i l i t y o f funds,
schedule,etc.,are known. Task 100, System Safety Program, i s required,
and t a i l o r i n g should be based on t o t a l program cost and complexity. All
othertasksrequire Task 100 as a prerequisite.
40.3.1 Identifying a n d Quantifying System Safety Needs. The elements o f a
system safety program must be selected t o meet thesafety needs. These
needs are identi fed by higher authority t h r o u g h directives and other docu-
ments. Identifying and quantifyingthese needs must be accomplished prior
t o theappropriateacquisition phase so t h a t tasks and requirements commen-
surate w i t h the needs may be included. The tasks and requirements which are
included establish the framework for thecontinuing system safetydialogue
between the MA and the proposing contractors, one or more of whom will u1 t i -
mately be selected t o develop the system.
40.3.2 Selecting Tasks t o F i t the Needs. In most cases,the need forthe
tasks is sel f-evident .
Whil e experience pl ays a key rol e i n task selection,
i t shoul d be suppl emented by analysis and investi g a t i o n . Oncerecommen-
dationsfortaskapplications havebeen determined and more detailedequip-
ment requirements identified , tasks and requirements can be priori t i zed and
a "rough order of magnitude" estimateshould bemade o f thetime and e f f o r t
required t o complete each t a s k . Thisinformation will be ofconsiderabl e
valueinselectingthetasks whichcan be accomplished w i t h i n schedule and
f u n d i n g constraints.
50. RATIONALE AND GUIDANCE FOR TASK SELECTIONS.
50.1 Task Section 100 - Program Management and Control.
50.1.1 System Safety Program (Task 100). Thistask i s required i f
MIL-STD-882B i s t o be imposed. Task 100 requiresthecontractor t o set up
a n d conduct a system safety program t o meet therequirements o f Section 4.
Because of thegeneralnature o f Section 4, careful tailoring o f the
requirementscontainedtherein i s necessary for each program, particularly
for re1 a t i vely smal 1 e f f o r t s .
50.1.2 System Safety Program Plan (Task 101).
50.1.2.1 The system safety program plan i s a basictool used by the MA t o
a s s i s t i n managing an effective system safety program. I t canbeused to
evaluatethevariouscontractors' approaches t o , understanding o f , and exe-
cution o f t h e i r system s a f e t y t a s k s , t h e i r depth o f p l a n n i n g t o make sure
t h e i r procedures for imp1 ementi ng and control 1 i ng system safety tasks are
adequate, and theirorganizationalstructure t o make sureappropriateatten-
tionwill be focused on system s a f e t y a c t i v i t i e s .
50.1.2.2 An SSPP i s normally prepared by thecontractor andwhen approved
by the MA, becomes thebasis of understanding between thecontractor and the
MA as t o how the system safety program i s t o be conducted. The SSPP
identifies all safety program activiti-esspecified by the MA andshows how
A-8

-
MIL-STD-BBZB 9999911 0359933 9 7 6 m
MIL-STD-882B
APPENDIX A
30 March 1984
the safety program will provide i n p u t orprecludeduplication of e f f o r t .

The pl an providesspecificinformation t o show how thecontractor will meet
quantitative and/or. qual i t a t i ve safety requirements d u r i n g deve1 opment, pro-
duction, and construction phases. When prepared i n response t o a request
for proposal,the SSPP servesas a t h o r o u g h cross-indextothesafety mana-
gementand engineeringproposalscontained i n the contractor's response.
This p l a n must cl early ref1 ect the safety features of theresponse. On
small programs, orlarge programs w i t h severalassociatecontractors where
the MA i s the integrator, or where the MA has a firm idea o f thetype and
magnitude of the system safety effort required , the MA may preparethe SSPP
and attach i t tothe SOW. This often will savefunds sincethe MA Wou1 d not
need t o buy the pl an from the contractor, and a l so informs the contractor
just what i s expected. Not only does t h i s allow contractorstopricethe .
e f f o r t i n their bids, i t eliminatesthepossibility of entering i n t o rounds
o f submittal /disapproval /resubmi t t a l by contractors inexperi enced i n system
safety. However, i f thecontractor does not prepare an SSPP, other t h a n i n
the proposal i t s e l f , t h e MA obtains no immediate informationasto whether
thecontractorunderstandsthe system safetyrequirements.
50.1.2.3 The format and instructions for preparing an SSPP arespecified i n
Task 101 and DoD Authorized Data Item DI-H-7047A, System Safety Program Plan.
This d a t a item must be tai'l ored for each program by requiring certain
paragraphs to be l i s t e d on thecontract d a t a requirements 1 i s t , DD Form 1423.
Preliminary SSPPs areoftenrequired t o be submitted w i t h .the contractor's
proposal. T h i s allows for the proposed system safetyeffort t o be considered
d u r i n g sourceselection.Additionally, i f thescope of t h e e f f o r t i s too
large or small,ormisdirected, i t providestime t o getthecontractor to
correct the error prior to contract initiation.
50.1.3 Integration/Management of AssociateCont-ractors,Subcontractors and
Architect and Engineering Firms (Task 102). Majorprograms or construction
projects will often have mu1 t i pl e associate contractors, integrating contrac-
tors, and AE firms under contract. An integrating contractor- or a facil i ti es
acquisition contractor will often have the responsi b i l i t y t o oversee system
s a f e t ye f f o r t s ofassociatecontractorsor AE firms. Task 102 providesthe
authority for management surveil 1 ance needed by the integrating or facil i t i es
acquisition contractor by assigningthe various system safety roles o f asso-
ciatecontractors,subcontractors,integrators , and constructionfirms. The
integrator should be tasked t o write an ISSPP according t o therequirements
outlined i n Task 101. The integrator and constructioncontractorshould be
tasked t o perform system hazardanalyses and assessments t o cover theinter-
faces between thevarious'contractors'portions of the system or construction
e f f o r t . All contractors and AE firmsshould be made aware of theintegrator's
or facil i t i es acquisition contractor' S rol e of overall system safety manage-
ment. The integrator needs t o resolvedifferences between associates i n
safety-relatedareas. The MA will aidtheintegrator i n theseeffortsto make
sure a l l contractors and firmsmutuallyunderstandthe system safetyrequire-
ments, and their respective responsibilities to comply w i t h them.
50.1.4 System Safety Program Reviews (Task 103).
A-9
MIL-STD-882B
APPENDIX A
30 March 1984
50.1.4.1 I n additiontothe system safety reviews required by other DoD o r

serviceregulations and MIL-STDs ( a t milestonedesignreviews and audits), the
l
MA may requirespecialsafetyreviews.Early i n a major program, system
safety reviewsshould be held at least quarterly and asthe program
progresses,time between reviews can be extended. I n a d d i t i o n t o more
detail ed coverage o f those items discussed a t mil estonedesignreviews , the
reviewsshouldaddressprogress on a l l system safetytasksspecified i n the
sow.
50.1.4.2 Special system safety reviews may be needed t o f u l f i l l requirements
ofmunitions safety boards, f i r s t f l i g h t readiness reviews , a n d other safety
c e r t i f i c a t i o na u t h o r i t i e s . These reviewsshould be specified i n the SOW as
p a r t of Task 103.
50.1.4.3 All program reviews provide an opportunity t o review and assign
action items and t o exploreotherareas of concern. A mutuallyacceptable
agenda should be written t o make sureall system safety open items are
covered and t h a t a l l participantsare prepared for meaningful discussions.
50.1.5 System Safety Group/System Safety Working Group S u p p o r t (Task 104).
e
Individualserviceregulationsrequire formation o f SSG/SSWGs for acquisi-
t i o n of expensive, complex or c r i t i c a l systems, equipment or major f a c i l i -
ties.Contractorsupport of an SSG/SSWG i s veryuseful and may be necessary
t o make sure procured hardware or software i s acceptablyfree from hazards
t h a t cou1 d injure personnelorcauseunnecessary damage or loss. The 1 eve1
o f supportdesi red from thecontractor must be detailed i n the contract
through imposition o f Task 104.
50.1.6 Hazard Tracking and Risk Resolution (Task 105). A method or proce-
dure mustbe developed t o document and trackhazards and progress made
toward resolution o f theassociatedrisk. Each prime or associatecontrac-
tor may m a i n t a i n t h e i r own hazard log or assessment report , or the integra-
tor or MA will maintain the document. I f thecontractor i s t o m a i n t a i n the
1og, Task 105 must be imposed. Each hazard t h a t meets or exceedsthe
thresholdspecified by the MA s h o u l d be entered on thelog when f i r s t iden-
t i f i e d , and each actiontaken t o eliminatethe hazard or reducetheasso-
ciated risk thoroughly documented. The MA willdetailthe procedure for
closi ng-out the hazard, or acceptance of any resi dual risk. The hazard 1 og
may be documented and deliveredas p a r t of the system safetyprogress sum-
mary using DI-H-7050A,System SafetyEngineeringReport, or i t can be
i ncl uded as p a r t o f an overall program engi neeri ng/management report.
i
?
50.1.7 Test and E v a l u a t i o n Safety (Task 106). This taskprovides needed
P contractor management a c t i v i t i e s t o make s u r e a l l t e s t s a f e t y requirements
are met priorto and d u r i n g testing.Early p l a n n i n g for t e s t and evaluation
must be done t o considertestingmilestones t h a t willrequirecertain hazard
analyses,range or laboratoryrequirements t h a t may require specially
formattedassessments, reviewof t e s t documents, etc.
50.1.8 System SafetyProgress Summary (Task 107). The system safety
progress summary provides a periodicwrittenreport o f the status of system
safetyengineering and management a c t i v i t i e s . This statusreport may be
. . ~- .- . A-10
Licensed
2542
by Information Handling Services f -8
MIL-STD-882B
APPENDIX A
30 March 1984
6
submitted monthly orquarterly. I t can be formatted and deliveredaccording
t o DI-H-7050A,System SafetyEngineeringReport,or i t can be includedas
p a r t of an overall program engineering/management report.
50.1.9 Qualifications of Key Contractor System Safety Engineers/Managers
(Task 108). Some programs willrequire t h a t the key system safetyengineers
and managers possessspecialqualifications. Some orallqualifications
l i s t e d i n Task 108 maybe required, or the MA may specify other minimum
qual i fi cations. Care must be exercised i n applying Task 108 to assure some
opportunityfor growth and qualification o f neophytesystem safety personnel
L who possess 1 i t t l e experience.
50.2Task Section 200 - Design and Eva1 u a t i on.
50.2.1 Preliminary Hazard List (Task 201). The PHL provides t o the MA a 1 i s t
ofhazards t h a t may requirespecialsafetydesi gn emphasis or hazardous areas
where in-depthanalyses need t o be done. The M may use theresults o f the
PHL to determinethe scope o f follow-on hazard analyses (PHA, SSHA, e t c . ) .
The PHL maybe documented u s i n g DI-H-7048A, System Safety Hazard Analysis
Report.
50.2.2 Prel imi nary Hazard Analysis (Task 202).
50.2.2.1 PHA i s , a s implied by the t i t l e , t h e i n i t i a l e f f o r t i n hazard
analysis d u r i n g the system design phase o r the programmingand requirements
devel opment phase for facilities acquisition. I t may a l so be used on an
operational system fortheinitial examination o f thestate of safety, The
purpose o f the PHA i s not t o affectcontrol of a l l risks b u t t o f u l l y
recognizethe hazardous s t a t e s w i t h a l l ofthe accompanying system
imp1 ications.
50.2.2.2 The PHA e f f o r t should becommenced duringthe i n i t i a l phasesof
system concept, or i n thecase of a fully operational system, a t the i n i -
t i a t i o n o f a safety evaluation. This will he1 p i n the use of PHA resul t s i n
tradeoffstudies which are so important i n the early phases o f system .
devel opment or, i n thecase of an operational system, aid i n an early

determination of the state o f safety. The o u t p u t of the PHA may be used i n
developing system safety requirements and i n preparing performance and
designspecifications. In addition,the PHA i s thebasic hazard analysis
which establishes the framework forother hazard analyses which maybe per-
formed.
50.2.2.3 The PHA should include, b u t n o t be limited t o , the f o l l o w i n g
acti vi t i es:
( a ) A review of perti nent historicalsafetyexperience.
(6) A categorized 1i s t i ng of basic energy sources.
( c ) An investi g a t i o n o f thevariousenergysourcestodetermi ne the
provisions whichhavebeen devel oped for their control .
A-11
.C
L .
MIL-STD-882B
APPENDIX A
30March 1984
( d ) Identification of thesafetyrequirements and otherregulations

pertaining t o personnel safety, environmental hazards , and d$xi,c:
. . substances
with which the system will have t o comply. ' .- I ?
,.
( e ) Recommend correctiveactions.
; L'
50.2.2.4 Sincethe PHA should be i n i t i a t e d very early i n theplanning-,

phase,the d a t a available t o theanalyst may be incomplete an&",qformal.,
Therefore , structure the analysis t o permitconti nua1 revision'%nd u p d a t i n g
asthe conceptualapproach i s modified and refined. As soon asthe
subsystem designdetail S are complete enough t o allow the analyst to-.begin
the subsystem hazard analysis i n detail , terminatethe PHA.' Provide.the C
analyst performing the PHA w i t h thefollowingreferenceinputinformation:
( a ) Desi gn sketches , drawings , and d a t a describing the system a'nd
subsystemelements forthevariousconceptualapproaches under .
consideration. .=,
( b ) Functional flow diagrams and re1ated d a t a describingthe proposed

sequence of a c t i v i t i e s , functions , and operations , involving the system
elementsduringthecontemplated l i f e span.
7
( c ) Background information re1 ated t o safety requirementsassociated
w i t h thecontemplated testing,manufacturing,storage,repair, and use
locations and safetyrelatedexperiences o f similarprevious programs or
acti vi t i es.
50.2.2.5 The techniques used t o perform thisanalysis must be carefully
selected t o m i nimizeprob1ems' in performingfollow-on analyses. The PHA may
be documented as outlined i n DI-H-7048A3System Safety Hazard AnalysisReport.
There areseveral formats t h a t can be used. Some of theseare:
50.2.2.5.1 Narrative format. The narrative format i sr e l a t i v e l y
unstructured and as a result there are many different formatsavailable.
The format primarily depends on theanalyst and thetype o f information
required from theanalysis.
50.2.2.5.2 Matrix format. The matrix format i s the most commonly used
approach for performing and documenting a PHA. There are numerous varieties
.
o f PHA matrix formats. i n use, most of which are fairly similar.
50.2.2.5.3 Other formats. The format used should be tailored t o reflectthe
nature o f the system t o be analyzed,theextent o f informationaboutthe
I
?
system, and the planned use of theanalysis o u t p u t d a t a . Either format i s
ri acceptable and theanalyst must determine which can do the j o b most effec-
t i v e l y . The use of system safety design checklists, such as Air Force Systems
Command Design Handbook 1 - X , i n the performance of a PHA can be a veryeffec-
t i ve method.
50.2.3 Subsystem Hazard Analysis (Task 203).
50.2.3.1This task would be performed i f a system under development
contained subsystems or components t h a t when integratedfunctionedtogether

i
MIL-STD-882B
APPENDIX A
t. 30 March 1984
as a system. This analysislooks a t each 'subsystem ,or componentand

identi fies hazards associated w i t h operati ng or fail ure modes and i s
especially intended t o determi ne how operation or f a i l Ure of components
affectstheoverallsafety of thesystem.Thisanalysisshouldidentify
necessary actions, using the system safety precedence t o determi ne how t o
eliminate or reduce the risk of identifiedhazards.
50.2.3.2 As soon assubsystems are designed i n s u f f i c i e n td e t a i l , or well
into conceptdesign for facilitiesacquisition,the SSHA can begin. I t should
be updated asthedesignmatures. Des gn changes t o components willal so
. need t o be evaluated to, determine whether the safety ofthe system i s
affected. The techniques used for this analysis must be carefully selected to
. mi nimi ze probl ems i n integrating subsystem hazard analyses into the
.
hazard analysis The SSHA may be documented as out1 ined i n DI-H-7048A, System
system
Safety Hazard Analysi s Report.
50.2.4 System Hazard Analysis (Task 204).
50.2.4.1 An SHA i s accomplished i n much the sameway asthe subsystem hazard
analysis. However, as the SSHA examines how component operation or f a i l ure
affectsthesystem,the SHA determines how system operation and f a i l u r e modes
c can affectthesafety o f the system and i t s subsystems. The SHA shouldbegin

as the system designmatures, around thepreliminarydesign review or the
facil it i e s conceptdesign review milestone, and should be updated u n t i l the
design i s complete. Design changes will need t o be evaluated t o determine
t h e i re f f e c t s on thesafety of the system and i t s subsystems. This analysis
shouldcontain recommended actions,applyingthe system safety precedence, t o
eliminate or reducethe risk o f identified hazards.
50.2.4.2 Specifically,the SHA examines a l l subsystem interfacesfor:
( a ) Compliance w i t h s a f e t y c r i t e r i a c a l l e d o u t i n theapplicable
system/subsystemrequirements documents.
( b ) Possible combinations of independent or dependent f a i l ures t h a t can
. causehazards tothe system or personnel. Fai.1 ures of controls and safety
devi ces shoul d be consi dered.
( c ) How normal operations o f systems and subsystems can degrade the
safety of the system.
( d ) Design changes to system,subsystems, or interfaces, 1ogic, and
i
softwarethat can create new hazards to equipment and personnel .
The techniques used to perform this analysis must be carefullyselected t o
minimize probl ems i n integrating the SHA w i t h other hazard analyses. The SHA
maybe documented asoutlined i n DI-H-7048A, System Safety Hazard Analysis
Report
i
254s A-13

MIL-STD-882B
APPENDIX A
30 March 1984
50.2.5 Operating and Support Hazard Analysis (O&SHA) (Task 205).

50.2.5.1 The O&SHA i s performed primarilytoidentify and evaluatethe
hazards associated with the environment , personnel , procedures, and
equipment i n v o l ved throughout theoperation o f a system/el ement. The O&SHA
maybe performed on such activities as testing, installation, modification,
maintenance,support,transportation, ground servicing,storage,operations,
emergency escape,egress,rescue,post-accidentresponses, a n d training.
The O&SHA may al so be selectively appl ied t o facil i t i es acquisition projects
t o make sureoperation and maintenance manuals properlyaddresssafety and
heal t h requirements .
50.2.5.2 The O&SHA e f f o r t should s t a r t e a r l y enough t o provide inputsto
thedesign and prior t o system t e s t and operation. The O&SHA i s most
effective as a continuingclosed-loop iterative process, whereby proposed
changes , additions , and formul a t i o n o f functional activities are eval uated
for safetyconsiderations , prior t o formal acceptance. The analyst
performing the O&SHA should have available:
( a ) Engineeringdescriptions o f the proposed system,support equipment
and facil i ti es.
(b) Draft procedures and prel imi nary operating manual s.
( c ) PHA, SSHA, and SHA reports.
(d) Re1 atedrequirements , constraintrequirements , a n d personne 1 capa-
bilities.
( e ) Human factorsengineering d a t a and reports.
( f ) Lessons 1earned , incl udi ng a history o f mishaps caused by human
error. .
50.2.5.3 Timely application of the O&SHA willprovidedesignguidance. The

findings and recommendations resulting from the O&SHA may affect the diverse
functional responsi b i l i t i es associated w i t h a given program. Therefore, exer-
cise care i n assuring t h a t theanalysisresultsareproperlydistributedfor
theeffective accompl ishment of the O&SHA objectives. The techniques used t o
perform this analysis must be careful 1y sel ected to m i nimi ze prob1 ems i n
integrating O&SHAs w i t h other hazard analyses. The O&SHA may be documented
using DI-H-7048A9System Safety Hazard AnalysisReport.
50.2.6 OccupationalHealth Hazard Assessment (Task 206).
50.2.6.1 The f i r s t s t e p o f theoccupationalhealth hazard assessment i s t o
identify and determine quantities o f potentially hazardous materials or phy-
sicalagents(noise,radiation,heatstress,coldstress) involved w i t h the
system and i t s l o g i s t i cal support. The next step Wou1 d be t o analyze how
thesematerial S or physicalagents are used i n the system and f o r i t s
1ogistical support. Based on theuse,quantity, and type of
substance/agent,estimate whereand how personnelexposures may occur and i f
possiblethedegreeorfrequency o f exposure i n v o l ved. The final step Wou1 d
A- 14
2566
MIL-STD-882B
APPENDIX A
30 March1984
include incorporation i n t o thedesign o f - the system and i t s l o g i s t i cal support

equipment/facil i t i es cost effective controls to reduceexposures t o acceptable
1 evel s . The 1i f e cycl e costs of required controls cou1 d be h i g h and con-
sideration o f al ternati ve systems maybe appropriate.
50.2.6.2 The purpose of thisanalysisis not t o .dictatedesigns based on
health protection, b u t t o assure decision makers are aware of the heal t h
hazards invol ved and t h e i r impacts so t h a t know1 edgeabl e decisions regarding
potentialtradeoffs can bemade.
50.2.6.3 The f o l l o w i n g factorsassociated w i t h the system and the
1 ogisti cal support required to operate and maintain the systemshould be
consi dered:
(a)Toxicity,quantity, and physical s t a t e of material s .
( b ) Routine or planned uses and re1 eases of hazardous materials or
physicalagents.
( c ) Accidental
exposure
potent ials.
(d) Hazardous waste generated.
( e ) Hazardous materi al hand1 i ng , transfer , and transportation
requi rements .
(f) Protecti ve cl o t h i ng/equi pment needs.
(9) Detection and measurement devicesrequired t o quantify exposure
1 evel s .
(h) Number of personnel potentially a t risk.
I ( i ) Engineeringcontrols t h a t could be used, such asisolation,enclosure,

ventil ati o n , noise or r a d i a t i o n barri ers , etc.
50.2.6.4 To definetheacceptablelevel of risk for health hazardsthe MA
v
should require use of chemical substance and physicalagentexposure limits
f o u n d i n appropriateregulations and directive documents, or contact a
qual i f i ed i ndi v i dual in the bioenvironmental engi neeri ng or medi cal community.
For hazardoussubstances or agents w i t h unspecifiedexposurelimitsthe con-
t r a c t o r must provi de the r a t i o n a l e for acceptabl e r i s k c r i t e r i a used for the
OHHA. The OHHA may be documented using DI-H-7048A, System Safety Hazard
Anal ysi S Report.
50.2.7 SafetyVerification (Task 2 0 7 ) .
50.2.7.1 Many safetyrequirements,asspecified i n system specifications,
requirements documents, etc.,will need t o be verified by analysis,
Q inspection,demonstration, or t e s t . Also, d u r i n g design and development,
hazardanalyses will identify hazards t h a t will beremoved through redesign,
controls,safetydevices , etc. Imposition of these changes willrequire
verification. Task 207 outlines how safetyverification should be

.L . I . MIL-STD-88ZB m 99999LL 0359940 O06 W
MIL-STD-882B
APPENDIX A
30 March1984
50.2.7.2 Much safetyverificationwill be outlined i n system/subsystem

t e s t plans and procedures. However, forverification o f risk control
actions taken on h a z a r d s identi fed d u r i n g devel opment, special test
pl ans/procedureswill be needed. Safetytests may be documented and reported
using DI-H-7050, System SafetyEngineeringReport, or they maybe included i n
the system/subsystem testreports.
50.2.8 Training (Task 208).
50.2.8.1 Many programs willrequirecertificationtraining ofpersonnel
involved w i t h devel opment, t e s t , and operation o f the system. A good system
safety program can only be carried o u t i f a l l theplayersinvolved
understand how t o do t h e i r p a r t . Contractordesignengineers need t o
understandbasic system safetyprinciplestodesignhazard-freesystems. A
good t r a i n i n g program willincludetrainingdesignengineersas a top
priority. Managersneed t o be educated a b o u t theimportance o f good i n i t i a l
safetydesigns vs. costlyredesign and retrofits.Contractor and Government
t e s t personnel need t o be trained i n safe hand1 i n g , operation, and testing
o f equipment .
Operational and maintenancepersonnel need safetytraining i n
their functions.
50.2.8.2 Training can be accomplished i n different ways. Formal
cl assroom t r a i n i n g sessions using a t h o r o u g h 1 esson pl an containing a l 1 the
necessary handouts i s one of the most effective and e f f i c i e n t methods.
Imposing exami nations and final certification he1ps assure the trainees have
understood and willhopefullyapplythematerialpresented.
50.2.8.3 The contractor'ssafety t r a i n i n g program should be detailed i n
the SSPP (Task 101).
50.2.9 Safety Assessment (Task 209). The safetyassessment, as outlined i n
the task, can be written by foll owing DI-H-7049A, Safety Assessment Report.
The importance o f thisreportis t h a t i t t e l l s theuser or the t e s t team of
alltheresidualunsafedesign or operatingcharacteristics of thesystem.
I t alsoattempts t o quantifythe risk of any hazards not eliminated, and
i denti f i es any control S , inhibits , or safety procedures.
50.2.10 Safet Y ComDl i ance Assessment (Task 210).

50.2.10.1 A safety compliance assessment i s conducted t o verifythesafe
design o f a system and t o o b t a i n a comprehensive evaluation o f the safety
r i s k being assumed prior t o testoroperation o f a system. I t can be
documented by foll owing DI-H-7049A, Safety Assessment Report. I t i s an
operationally oriented analysis, concerned w i t h the safe useof a system,
equipment, or f a c i l i t y . A safety complianceassessment i s , therefore, broad
inscope,coveringalmosteveryaspect o f thesystem, b u t relatively general
innature,delving i n t o detailonly t o theextentnecessary t o verifythe
system'ssafety or ascertaintherisks and precautionsnecessaryfor its
safe use. A safety compl i ance assessment maybe the only analysis conducted
on a program or i t may serveas a pre-test or pre-operationalsafetyreview,
integrating and summarizing operationalsafetyconsiderationsidentifiedin
more detail ed hazard analyses.
A- 16
MIL-STD-882B
APPENDIX A
c. 30 March 1984
50.2.10.2 A safety complianceassessment may

be theonlyanalysis conducted
on a r e l a t i v e l y low safety risk program. Thelow risk can r e s u l t from
severaldifferentfactors. The system may be an integration of primarily
off-the-shelf equipments i n v o l v i n g l i t t l e or no new design. I t may be a
system which i s 1ow ri S k by nature o f i t s techno1 ogy or compl exi t y .
Compliance w i t h federal, military, national, and industry specifications,
standards, and codes maybe sufficient to make sure o f the basic safety of
the system. A safety compliance assessment may a l so be conducted on higher
safetyrisksystems, such asresearchor advanced development projects,
where thehigherrisks must be accepted, b u t for which safe operation is
b
s t i l l required and therisks must be recognized and reduced t o acceptable
1 evel s.
50.2.10.3 Thisassessment may be conducted d u r i n g any phase o f system
deve1opment. I t should be started as soon as sufficientinformation becomes
available. For exampl e,evaluation of equipment shouldbegin w i t h th'e
design o f equipment components or w i t h the receipt of equipment
'specifications from a subcontractoror vendor. The analysis can also be
tailored i n the SOW t o meet the p a r t i cul ar needs of a program.
50.2110.4 A safety complianceassessment s h o u l d include, b u t n o t be 1 imited
t o , the fol1 owi ng:
r
L. Identification
(a) of appropriate safety
standards and verification of
systemcompliance.Standards may
be specified by theprocuring agency i n a
specification or othercontractual document. This does not precludethe
contractor from i dentifyi ng a d d i t i onal standards whi ch are appropriate. The
contractorshouldalso review available historical safety d a t a from similar
systems.Verificati on may be achieved by several methods, including
analysis, use o f checklists, inspection, test, independent evaluation,or
manufacturer' S c e r t i f i c a t i o n .
( b ) Analysis and resolution of system hazards.Systems, even those
comprised e n t i r e l y o f equipments i n full compliance w i t h appropriatestan-
dards, may contain hazards resulting from u n i que uses, interfaces, instal 1 a-
t i on, e t c . Another facet of this assessment i s t o identify,evaluate, and
eliminate any such "residual"hazards or reduce theirassociatedrisksto
acceptable 1evel s. To accomplish t h i s , t h e assessmentshould incorporate
the scope and techniques o f other hazard analysestothedetailnecessary to
assure a reasonably safe system.
(c)Identification of specializedsafetyrequirements. The above ana-
l y s i s shouldlead to safety design features and othernecessaryprecautions.
The contractor should identifyallsafetyprecautionsnecessary t o safely
operate and supportthesystem. This incl udes appl icabl e precautions exter-
nal tothe system or outsidethecontractor'sresponsibility. For exampl e ,
hazard risk may have t o be control 1 edby special i zed safety equipment and
training because the contract does not allow for redesign or modificatiqnof
off-the-shelfequipments,orthecontractor may not be responsible for pro-
v i ding necessary emergency 1i g h t i n g , fire protection, or personal safety
equipment .
6-1
MIL-STD-882B
APPENDIX A
30 March1984
( d )I d e n t i f i c a t i o no f hazardousmaterials and t h ep r e c a u t i o n s and

procedures necessary f o r t h e s a f e hand1 i n g o f t h e m a t e r i a l .
50.2.11 S a f e t yR e v i e wo fE n g i n e e r i n g .Change Proposals and Requests f o r
Deviation/Waiver(Task211).Thistask may be documented u s i n g DI-H-7050A,
System S a f e t yE n g i n e e r i n gR e p o r t . ECPs t o t h ee x i s t i n gd e s i g n and requests
f o rd e v i a t i o n / w a i v e rf r o me x i s t i n gr e q u i r e m e n t sm u s t be assessed f o r any
p o s s ib l e s a f e t y i m p a c t s t o t h e s y s t e m .O f t e n ,c o r r e c t i o no f a deficiency
w i
l i n t r o d u c e o t h e r o v e r 1 ooked d e f i c i e n c i e s . T h i s t a s k i s d e s i g n e d t o
p r e v e n tt h a to c c u r r e n c eb yr e q u i r i n gc o n t r a c t o rs y s t e ms a f e t ye n g i n e e r st o
examineeach ECP or r e q u e s t f o r d e v i a t i o n / w a i v e r , and i n v e s t i g a t e a l l
conceivabl e ways t h e change o r d e v i a t i o n c o u l d r e s u l t i n an a d d i t i o n a l
hazard(s). The t a s ks p e c i f i e st h a tt h e MA b e n o t i f i e d i f t h e ECP o rr e q u e s t
f o rd e v i a t i o n / w a i v e rd e c r e a s e st h ee x i s t i n gl e v e lo fs a f e t y .
50.2.12 SoftwareHazardAnalysis(Task212).
50.2.12.1 The purpose o sf o f t w a r eh a z a r da n a l y s i si st o (: a e) n s u r e

accuratetranslationofsafetyspecificationrequirementsinto computer
p r o g r a mc o n f i g u r a t i o ni t e m (CPCI) requirements,(b)ensurethe CPCI s p e c i f i -
cationsclearlyidentifythesafetycriteriato be used ( f a i l - s a f e , f a i l -
operati onal , f a i l - r e c o v e r y , e t c . ) ( c ) i d e n t i f y programs, routines, modules, o r
functionswhichcontrolorinfl uence s a f e t y c r i t i c a l f u n c t i o n s , ( d ) a n a l y z e
those programs, routines , modules,and f u n c t i o n s and t h e i r s y s t e m i n t e r f a c e s
for events, faults, andenvironmentswhichcoul d cause o r c o n t r i b u t e t o unde-
s i r e de v e n t sa f f e c t i n gs a f e t y , and ( e )e n s u r et h a tt h ea c t u a l coded s o f t w a r e
does n o tc a u s ei d e n t i f i e dh a z a r d o u sf u n c t i o n st oo c c u ro ri n h i b i td e s i r e d
f u n c t i o n s ,t h u sc r e a t i n gh a z a r d o u sc o n d i t i o n s , and e f f e c t i v e l y m i t i g a t e i d e n -
t i f i e d end itemhardwarehazardousanomalies.
50.2.12.1.1 Some o ft h ec u r r e n ta n a l y s i st e c h n i q u e s and m e t h o d o l o g i e st h a t

a r e a v a i l ab1 e t o c o n d u c tt h i sa n a l y s i sa r e :( a )s o f t w a r ef a u l tt r e e ,( b )
s o f t w a r es n e a kc i r c u i t ,( c )s o f t w a r e / h a r d w a r ei n t e g r a t e dc r i t i c a lp a t h , and
( d )n u c le a rs a f e t yc r o s s - c h e c ka n a l y s i s . Due t o t h e v a r i o u s s t r e n g t h s and
weaknesses o f each t e c h n i que, a thorough software hazard analysis may r e q u i r e
a p p l i c a t i o n o f more t h a n one t e c h n i que on a p a r t i c u l a r s o f t w a r e e l ement.
A d d i t i o n a l l y ,t h ea p p l i c a t i o no f good s o f t w a r ee n g i n e e r i n gp r a c t i c e s is vital
todesigningsoftwarethatissafe and analyzable.
50.2.12.2 Softwarehazardanalys i s s h o u l db e g i ne a r l y i n t h e development

phaseandshoul d be s t r u c t u r e d t o p e r m i tc o n t i n u a lr e v i s i o n and u p d a t i n g as
t h e d e s i gn matures. To i n s u r e , an e f f e c t i v e a n a l y s i s e f f o r t , t h e f o l l o w i n g
i
i n f o r m a t i o n i s needed:
( a ) System and subsystem s p e c i f i c a t i o n s and o t h e ra l l o c a t i o n documents

w h i c hd e s c r i be t h e system, a l l o f t h e v a r i o u s i n t e r f a c e s w i t h t h e s o f t w a r e ,
and normal /abnormal envi ronments which the system coul d encounter.
( b )F u n c t i o n a l fl ow diagrams and r e 1a t e dd a t ad e s c r i b i n gt h ep r o p o s e d
sequence o f a c t i v i t i e s , f u n c t i o n s , and o p e r a t i o n s i n v o l v i n g t h e s y s t e m e l e -
ments d u r i n gt h ec o n t e m p l a t e d l i f e span.
, -.
2550 A- 18
MIL-STD-882B
APPENDIX A
c ( c ) Computer program functional flow charts (or theirfunctional

30 March 1984
equivalents) storage all ocation charts , and other program structure documents
as they become a v a i l able or change.
( d ) Background information re1 atedtosafetyrequi rements associated
with the contempl ated t e s t i ng , manufacturi ng , storage , repair , anti cipated
environments as appl i cabl e, as well as 1 essons 1 earned from simil ar programs
or acti v i t i es.
50.2.12.3 The preliminarysoftware hazard analysiseffort begins when the
L system requirementsallocation hasbeen made and willcontinue u n t i l program
codingbegins. The f i r s t t a s k of this effortwill be t o make sure o f an
accuratefl ow-down of system levelsafetyrequirements as well asrequirements
generated from the system PHA i n t o the CPCI designspecification.
Additionally,theanalysiscontains recommended actions t o eliminateiden-
t i f ied hazards or reduce their associated risk t o an acceptabl e 1 evel . This
e f f o r t Wou1 d general1 y i ncl ude the fol1 owi ng:
( a ) Review of system and subsystem specifications t o identify and
verify hardware-software , software-software , and operator-software
interfaces.
( b ) Analysis of functional flow diagrams (ortheirfunctional
equivalent), storage allocation charts, and other program documentation t o
make surespecification and safety requirements will be met.
( c ) Exami n a t i o n of thesoftware t o determi ne the independence/ depen-
dence and interdependence among modules , t a b 1 es , variabl es , etc. Elements of
software which d i r e c t l y or indirectly influence safety critical software will
be identifiedas being safetycriticalfunction should be analyzed f o r t h e i r
undesi red effects.
50.2.12.4 Follow-on software hazard analysis expands upon thepreliminary
software hazard analysis by examining the a c t u a l source and object code o f
s a f e t y c r i t i c a l programs , routines , modules , and functions -to verify the
actualdesignimplementation. This e f f o r t should be updated u n t i l coding i s
complete. All design changes and modificationsshould be evaluated t o deter-
mine theeffect on system safety. T h i s analysiscontains recommended actions
necessarytoeliminateidentifiedhazardsor reduce their associated risk t o
an acceptablelevel.Specifically, this analysis examines:
( a ) Safety critical algorithms , modules , routines and cal cul ations for
correctness and forinput/output, t i m i n g , and multiple event sensitivity.
( b ) Programs , routines , modules , or functions for design or coding
errors whichcou1 d cause or contribute t o an undesiredeventaffectingsafety.
( c ) S a f e t y c r i t i cal programs , routines modul es or functions f o r
compi i ance with safety cri teria call ed o u t i n appl i cabl e CPCI specifications
S a f e t y c r i t i calportions of software must be examined a t the source/object
code 1evel as appropriate.
A-19

MIL-STD-BBZB m 9999911 0359944 751 m
~
MIL-STD-882B
APPENDIX A
30March1984
( d ) P o s s i b l e combinations o f independent or dependent. hardware or soft-

ware f a i l u r e s , u n i n t e n d e d p r o g r a m jumps, and sing1 e o r mu1 t i p 1 e e v e n t s t h a t
c o u l d cause t h es y s t e mt oo p e r a t e i n a hazardousmanner.
(e)Desi gn changes t o t h e system,subsystems, o ri n t e r f a c e s , 1o g i c , and

s o f t w a r e t h a t cou1 d c r e a t e new hazards.
The s o f t w a r eh a z a r da n a l y s i s may bedocumentedas o u t l i n e d i n DI-H-7048A,

System Safety Hazard Analysis Report.
50.2.13 GFE/GFP(Task
System
Analysis
Safety 213). L
50.2.13.1 T h i st a s ks h o u l d be imposed o n l y i f thesystemunderdevelopment

w l c o n t a i n GFE o r GFP t h a t i n t e r f a c e s d i r e c t l y w i t h contractordeveloped
i
hardwareorsoftware.
50.2.13.2 T h i st a s kp e r m i t st h ec o n t r a c t o rt oi n t e g r a t et h e GFE/GFP i t e m s
i n t ot h es y s t e md e s i gn w i t h f u l l know1 edge o f t h e a s s o c i a t e d h a z a r d s and r i s k
c o n t r o l sb yr e q u i r i n ga c q u i s i t i o no fe x i s t i n ga n a l y s i sd o c u m e n t a t i o n . I f no
suchdocumentation i s a v a i l ab1 e, the contractor must perform the necessary
a n a l y s i st oa s s u r e a s a f ei n t e r f a c e .T h i sa n a l y s i s may bedocumentedand
d e l ivered by a p p r o p r i a t e l y t a i l o r ng i and a p p l y i n g DI-H-7048A,System Safety
HazardAnalysisReport.
A-20

MIL-STD-BBZB m 99999LL 0359945 698 m
MIL-STD-882B
APPENDIX B
30 March1984
APPEND IX B
SYSTEM SAFETY PROGRAM REQUIREMENTS RELATED TO LIFE CYCLE PHASES
60. S I .
60.1 Mission need determination--conceptexploration.
60.1.1 Mission Need Determination. The system safetyeffortwillsupportthe
justificaion o f major system new s t a r t s by identifying safety deficiencies
"
in
existing or projected capabil i t y and by identifying opportunities for system
safety t o improve mission capability or reduce l i f e cycle costs.
60.1.2 Concept Expl oration/Programi ng and Requirements Deve1opment Phase.
System safety tasks appl icabl e t o the concept expl oration/programing and
requirements deve1opment phase are those required t o evaluate the a l ternative
system concepts under considerationfor development and establishthe system
safety programs consistent with theidentifiedmission needs and l i f e cycle
requirements. System safetytaskswillincludethefollowing:
( a ) Prepare an SSPP t o describethe proposed integrated system safety
e f f o r t for theconceptexplorationphase.
( b ) Eva1 uate al 1 consi dered materi al S , desi gn features, maintenance ,
servicing,operationalconcepts, and environments which willaffectsafety
throughoutthe l i f e cycle. Considerhazards which may be encountered i n the
u1 timate disposition f the enti re system, o r components thereof , or o f
dedicated support equipment , which encompasses hazardous materi al s and
substances.
( c ) Perform a PHA t o identify hazardsassociated w i t h each a l t e r n a t i ve
concept.
( d ) Identify possi bl e safety interface probl ems i ncl u d i ng probl ems
associated w i t h software-controlled system functions.
( c ) High1 ig h t specialareas of safety consideration, such as
system limitations, risks, and man-ratingrequirements.
( d ) Review safe and successfuldesigns of simil ar systems for
consi derati on i n al ternati ve concepts.
( e ) Definethe system safety requirements based on pastexperience with
s i m i 1 ar systems.
(f)Identifysafety requirements t h a t may require a waiver d u r i n g
the system l i f e cycle.
!
( 9 ) Identify any safety design analysis,test,demonstration and
val i d a t i on requirements.
"" - "_"
~ ~.
".
"""
2.
B- 1
2% 3
G-5
MIL-STD-882B
APPENDIX B
3.0 March 1984 ,
( h ) Document the system safetyanalyses,results, and

recommendations for each promi s i ng a l ternati ve system concept.
( i ) Prepare a summary report o f theresults of the system safety tasks
conducted d u r i n g the program i n i t i a t i o n phase t o supportthedeci sion-making
process.
( j ) T a i l o r the system safety program for thesubsequent phases o f the
l i f e cycle and includedetailedrequirements i n theappropriate demonstrat i on
and validation phase contractual documents.
60.-1.3 Demonstration and Validation/Concept Design Phase. System safety
tasksduringthedemonstration and val idation/conceptdesign phase will be
tailored t o programs r a n g i n g from extensi ve study and analyses t h r o u g h
hardware devel opment t o prototype t e s t i n g , demonstrati on and val i d a t i o n .
System safetytaskswillincludethefollowing:
( a ) Prepare or updatethe SSPP t o descri be the proposed integrated
system safety effort planned for thedemonstration and validation/concept
desi gn phase.
( b ) Participate i n tradeoffstudies t o ref1ectthe impact on system
safety requirements and risk. Recommend system design changes based on these
studies t o make surethe optimum degree o f s a f e t y i s achieved consistent w i t h
performance and system requirements.
( c ) Perform o r update the PHA done d u r i n g theconcept expl o r a t i o n /
programing and requirements devel opment phase t o evaluatetheconfiguration to
be tested. Prepare an SHA report of thetestconfiguration consideringthe
planned t e s t environment and t e s t methods.
( d ) Establish system safety requirements for system design and c r i t e r i a
for verifing t h a t theserequirements havebeen met. Identifytherequirements
for inclusion i n theappropriatespecifications.
b
( e ) Perform detail ed hazard analyses (SSHA or SHA) ofthedesi gn t o

assesstheriskinvol ved in test operation o f the system hardware and soft-
ware. O b t a i n and include risk assessment of othercontractor'sfurnished
equi p e n t , o f GFE, and of a l l interfacing and ancill ary equipment t o be used
d u r i n g system demonstration tests.Identifythe need for. specialtests t o
demonstrate/eval uate safety functions.
. .- c f ) Identifycriticalparts and assembl i e s , productiontechniques,
assembly procedures, facil i t i e s , t e s t i ng , and i nspecti on requi rements which
may affect safety and will make sure:
(1) Adequate.safetyprovisionsareincluded i n the p l a n n i n g and
1 ayout o f theproduction line to establish safety control of the
demonstration system w i t h i n theproductionprocesses and operations.
Adequate safetyprovisionsareincluded
(2) i n inspections,tests,
1
procedures, andcheck1 i s t s for quality control of the equipment being
manufactured so t h a t safety achieved i n design i s maintained d u r i n g
oroduction.
B-2 6-6
MIL-STD-882B
APPENDIX B
c. . 30 March 1984
( 3 ) Production and manufacturingcontrol d a t a containrequired

warnings , cautions, and specialsafetyprocedures.
( 4 ) Testing and evaluationare performed on earlyproduction
hardware todetect and correctsafetydeficiencies a t the earliest
opportunity.
( 5 ) Minimum r i s ki s involved i n accept i n g and using new des
materi a l s , and production and test techniques.
( 9 ) Establishanalysis,inspection and t e s t requirements for GFE or other
contractor-furnished equipment (hardware,software, and f a c i l i t i e s ) t o verify
prior t o use t h a t applicable system safety requirements are satisfied.
( h ) Perform operating and support h a z a r d analyses of each t e s t , and
review a l lt e s t plans and procedures.Evaluatetheinterfaces between the
t e s t system confi g u r a t i on and personnel , support equipment , special test
equipment, t e s t f a c i l i t i e s , a n d the test environment d u r i n g assembly,
checkout, operation, foreseeable emergencies , disassembly and/or tear-down o f
the test confi g u r a t i o n . Make surehazardsidentified by analyses and t e s t s
areeliminated or theassociatedriskis minimized. Identifythe need for
c specialtests t o demonstrate or evaluatesafety o f testfunctions.

( i ) Review t r a i n i n g pl ans and programs for adequate safety
consi derations .
( j) Review system operation and maintenance publ i cations for adequate
safety considerations, and ensuretheinclusion o f applicable Occupational
.
Safety a n d Heal t h Admi n i s t r a t i on (OSHA) requirements
( k ) Review 1 ogisti c support publ i cations for adequate safety con-
si derations , and ensure the inclusion o f appl icabl e US Department of
Transportation (DOT), US Environmental Protection Agency ( E P A ) , and OSHA
requirements .
(1 ) Evaluate results of s a f e t y t e s t s , f a i l Ure analyses, and mishap
investi gations performed d u r i n g thedemonstration and val i d a t i . o n phase.
Recommend redesi gn or other corrective action (this subparagraphdoes not
apply t o the f a c i l i t y conceptdesignphase).
( m ) Make sure system safety requirementsareincorporated i n t o the
system specification/design documentbased on updated system safety studies,
analyses , and t e s t s .
( n ) Prepare a summary report o f theresults o f the system safety tasks
conducted d u r i n g the demonstration and val idation/concept deve1opment phase
t o supportthedecision-makingprocess.
!
( o ) Continue t o tailorthe system safety program. Prepareorupdate the
SSPP for the full -scal e engineering devel opment phase and production phase.
"~
2555 B-3
Licensed by Information Handling Services - I
MIL-STO-882B
APPENDIX B
30 March 1984
60.1.4 Full-scaleEngineeringDevelopment/FinalDesign Phase. To p r o v i de

s u p p o r tt ot h es y s t e me n g i n e e r i n g program, t h es y s t e ms a f e t yt a s k s duringthe
f u l l - s c a l ee n g i n e e r i n gd e v e l o p m e n t / f i n a ld e s i g n phase w l include the
i
f o l 1 owing:
(a)Prepareorupdate asappl icabl e t h e SSPP f o r t h e f u l l - s c a l e .

e n g i n e e r i n g deve1opmentphase. C o n t i nue e f f e c t i veand t i m e l y imp1 ementation
o f t h e SSPP d u r i n g f a c i l it y f i n a l d e s i g n phase.
( b )R e v i e wp r e l i m i n a r ye n g i n e e r i n gd e s i g n st o make s u r es a f e t yd e s i g n
r e q u i r e m e n t sa r ei n c o r p o r a t e d andhazards i d e n t i f i e d d u r i n g t h e e a r l i e r phases
a r ee l i m i n a t e do rt h ea s s o c i a t e dr i s k sr e d u c e dt o an a c c e p t a b l el e v e l .
( c )U p d a t es y s t e ms a f e t yr e q u i r e m e n t s i n s y s t e ms p e c i f i c a t i o n / d e s i g n
documents.
( d )P e r f o r mo ru p d a t et h e SSHA, SHA and O&SHA and s a f e t ys t u d i e s con-

c u r r e n tw i t ht h ed e s i g n / t e s te f f o r tt oi d e n t i f yd e s i g na n d / o ro p e r a t i n ga n d
supporthazards. Recommend a n yr e q u i r e dd e s i g n changesand c o n t r o pl r o c e -
dures.
(e)Perform an O&SHA f o r each t e s t , and r e v i e wa l lt e s tp l a n s andproce-

d u r e s .E v a l u a t et h ei n t e r f a c e sb e t w e e nt h et e s ts y s t e mc o n f i g u r a t i o n and per-
s o n n e l ,s u p p o r te q u i p m e n t ,s p e c i a lt e s te q u i p m e n t ,t e s tf a c i l i t i e s , and t h e
testenvironmentduringassembly,Check-out,operations,foreseeable emergen-
cies,disassembly,and/ortear-down o ft h et e s tc o n f i g u r a t i o n . Make s u r e
hazardsidentifiedbyanalyses and t e s t s a r e e l m i in a t e d o r t h e j r a s s o c i a t e d
r i s kc o n t r o l l e d .I d e n t i f yt h e need f o rs p e c i a lt e s t st od e m o n s t r a t eo rv e r i f y
s y s t e ms a f e t yf u n c t i o n s c E s t a b l i s ha n a l y s e s ,i n s p e c t i o n , and t e s t r e q u i r e -
ments f o ro t h e rc o n t r a c t o r s 'o r GFE/GFP (hardware,software,and facilities)
t o v e r i f y p r i o r t o use t h a t a p p l icabl e system safety requirements are
satisfied.
( f )P a r t ic ip a t ei nt e c h n i c a ld e s i g n andprogramreviewsandpresent
r e s u l t s o f t h e SSHA, SHA and/or O&SHA.
( 9 )I d e n t i f y and e v a l u a t et h ee f f e c t so fs t o r a g e ,s h e l f - l i f e ,p a c k a g i n g ,
t r a n s p o r t a t i o n , hand1i n g , t e s t , o p e r a t i o n , and maintenance on the safety of
thesystem and i t s components.
( h ) Eva1u a t e r e s u l t s o f s a f e t y t e s t i n g , o t h e r s y s t e m t e s t s , f a i l U r e ana-
l y s e s and m i s h a pi n v e s t i g a t i o n s . Recommend r e d e s i g no ro t h e rc o r r e c t i v e
action.
(i) I d e n t i f y ,e v a l u a t e , and p r o v i d es a f e t yc o n s i d e r a t i o n so rt r a d e o f f
studies.
( j ) Reviewappropriateengineeringdocumentation(drawings,specifica-
t i o n s ,e t c . )t o make s u r es a f e t yc o n s i d e r a t i o n s havebeen i n c o r p o r a t e d .
( k ) Review l o g i s t i c support pub1 i c a t i o n s f o r a d e q u a t e s a f e t y

considerations, andensuretheinclusionof.applicable DOT,EPA, and OSHA
requirements.
B- 4
MIL-STD-BBZB 9 9 9 9 9 3 3 03599Lt9 2 3 3 m
MIL-STD-8826
APPENDIX B
30 March1984
c (1)Verifythe adequacy o f safety and. warning devices, l i f e support

equi went , and personal protecti ve equipment .
( m ) Identifythe. need forsafetytraining and provide safetyinputs to
t r a i n i n g courses.
( n ) Providesystem safetysurveil1 ance and support of t e s t u n i t produc-
tion and of pl a n n i n g for full -scal e production and .deployment. Identify
c r i t i cal parts and assembl i e s , production techniques , assembly procedures ,
f a c i l i t i e s , t e s t i n g , and inspectionrequirements which may affect safety and-
will make sure:
(1) Adequate safetyprovisionsareincluded i n the p l a n n i n g and
. layout of the production l i n e t o establish
t i o n system withintheproductionprocess
safety
control
and operations.
of the demonstra-
4
( 2 ) Adequate safetyprovisionsareincluded i n inspections,tests,
procedures , andcheck1 i s t s for qual i t y control of the equipment being manu-
factured so t h a t safety achieved i n design i s maintained d u r i n g production.
( 3 ) Production and manufacturingcontrol d a t a containrequired warn-
ings, cautions , and specialsafetyprocedures.
( 4 ) Testing and evaluationare performed on early production hard-
ware t o detect and correct safety deficiencies a t theearliestopportunity.
(5) Minimum r i s k i s i nvolved i n accepting and usi ng new desi gns ,
material s , and production and test techniques.
( o ) Make sure procedures devel oped for system t e s t , maintenance , opera-
t i o n , and servicing provide forsafedisposal of expendabl e hazardous
materials. Consider any material or manufactured component (whether or not
an identifiable spare p a r t or rep1 enishable component) when access t o hazar-
dous material will be required by personnel d u r i n g pl anned servicing,tear-
down, or maintenance a c t i v i t i e s , o r i n reasonably foreseeabl e unpl anned
eventsresulting from workplace operations.Safety d a t a devel oped i n SSHAs,
* SHAs, and O&SHAs, and summarized in safety assessment
reports must al so iden-
t i f y any hazards which must be considered when the system , or components
thereof,areeventuallydemilitarized and subject t o disposal. (Not a p p l i -
cab1 e for facilities construction.!
( P ) Prepare a summary report of theresults of the system safetytasks
conducted d u r i n g the full-scale engineering devel opment phase t o supportthe
deci s i on-maki ng process.
(9)Tail or system safety program requirements for theproduction and
de pl owen t pha s e.
60.1.5 Production andDeployment Phase. As p a r t of the on-going system
safety program, the system safetytasksduringtheproduction and deployment
phase willincludethefollowing ( t h i s paragraph i s not applicable t o the .
facilitiesconstructionlifecycle.):
B-5

MIL-STD-BBZB m 9999911 0359950 T55 m
MIL-STD-882B
APPENDIX B
30 March 1984
( a ) Prepareorupdatethe SSPP t o reflectthe system safety program

requirementsforthe production and deployment phase.
( b ) I d e n t i f y c r i t i cal parts and assembl i e s , p r o d u c t i o n techniques ,
assemblyprocedures, f a c i l i t i e s , t e s t i n g , and inspectionrequirements w h i c h
may affect safety and will make sure:
(1) Adequate safetyprovisionsareincluded i n the p l a n n i n g and
1 ayout of theproduction 1 ine t o establish safety control of the system
w i t h i n theproductionprocess and operations.
(2) Adequate safetyprovisionsareincluded i n inspections,tests,
procedures, and check1 i s t s for qual i t y control of the equipment being manu-
factured so t h a t safety achieved i n design i s maintained d u r i n g p r o d u c t i o n .
( 3 ) Productiontechnical manuals or manufacturingprocedurescontain
requiredwarnings,cautions , and specialprocedures.
( 4 ) Minimum r i s k i s i n v o l ved i n accepting and using new designs,
material S , and production and test techniques.
(c)Verify t h a t testing and evaluation i s performed on early production
hardware t o detect and correctsafetydeficiencies a t the earliest oppor-
t u n i ty.
( d ) Perform O&SHAs o f each t e s t , and review a l l t e s t pl ans and proce-
dures.Evaluatetheinterfaces between thetest system configuration and per-
sonnel s supportequipment,special t e s t equipment , t e s t f a c i l i t i e s , and the
t e s t environment d u r i n g assembly,checkout,operation,foreseeable emergen-
c i e s , disassembly and/or tear-down o f thetestconfiguration. Make sure
hazards identified by analyses and testsareeliminated or theirassociated
r i s k reduced t o an acceptabl e 1 evel .
( e ) Review technical d a t a for warnings cautions, and specialprocedures
identifiedasrequirements i n the O&SHA for safeoperation,maintenance,ser-
vicing,storage,packaging, h a n d l i n g , and transportation.
( f ) Perform O&SHAs of deployment operati ons , and review a l l depl oyment

Pl ans and procedures. Eva1 uatetheinterfaces between the system being
deNployed w i t h personnel , support equipment, packaging, facil i t i es, and the
deployment environment , d u r i ng transportati on, storage, hand1 i n g , assembly,
i n s t a l l a t i o n , checkout, and demonstration/testoperations. Make sure hazards
identified by analysesareeliminated or their associated risk is reduced t o
an acceptable 1 evel .
(9) Review procedures and monitor results o f periodicfieldinspections
or tests (including recall -for-tests) t o make sure acceptabl e 1 evel S o f safety
a are kept.Identify major or c r i t i c a lc h a r a c t e r i s t i c s of safetysignificant
items t h a t deteriorate w i t h age,environmentalconditions, or otherfactors.
- ( h ) Perform or update hazard analyses t o identify any new hazards t h a t
may r e s u l t from designchanges. Make surethesafety imp1 ications of the
changes areconsidered i n a l l configurationcontrolactions.
B-6
6-10
MIL-STD-882B
APPENDIX B
30 March 1984
( i ) Evaluate results of failureanalyses and mishap investigations.

Recommend correctiveaction.
( j ) Monitor the system throughoutthe l i f e cycle t o determinethe ade-
quacy o f the design, and operati ng, maintenance, andemergency procedures.
( k ) Conduct a safety review o f proposed new operating and maintenance
procedures , or changes , t o make sure the procedures , warnings , and cautions
are adequate and inherentsafetyis not degraded. These reviews shall be
documented as updates t o the O&SHAs.
(1 ) Document hazardous conditions and system defi cienci es for deve1 op-
ment of follow-onrequirements for modified or new systems.
1' (m) Update safety documentation, such asdesign handbooks , military
standards and specifications, t o ref1ectsafety"lessonslearned."
I ( n ) Evaluatethe adequacy of safety and warning devices , l i f e support
equi pment , and personnel protecti ve equipment .
60.1.6 Construction Phase. As part of thecontinuing system safety program
for facil i t i es , the system safety tasks for this phase will include the
f o1 1owi ng :
( a ) Ensure theapplicationofallrelevant b u i l d i n g safety codes

including OSHA, Nati onal FireProtectionAssociation, and U.S. Army Corps of
Engi neers safety requirements .
( b ) Conduct h a z a r d analyses t o determi ne safety requirements a t a l l
interfaces between t h e f a c i l i t y and those systems planned for i n s t a l l a t i o n .
( c ) Review equipment installation,operation, and maintenance plans t o
make sure a l l design and procedural safety requirements havebeen met.
( d ) Continue theupdating o f the hazard correctiontracking begun d u r i n g
thedesignphases.
( e ) Evaluate mishaps orotherlosses t o determine i f they were theresult
o f safety deficiencies or oversight.
( f ) Update hazard analyses t o identify any new hazards t h a t may r e s u l t
from change orders.
60.2 System safety program requirements for otheracquisitions. For programs
t h a t do not fol1 ow the standard system 1i f e cvcl e phases out1 ined i n theme-
vious paragraphs the res ponsi bl e &ti v i t y must carefully integrate the
requirements of this s t a n d a r d intotheacquisitionprocess beingused. .. .
Although different, facilities, ship construction, and certain major one-of-a-
k i n d procurements s t i l l evolvethrough a concept/desi gn/assembly/
acceptancesequence somewhat analogous t o theclassic 1 ife cycle. The MA
should carefully describe what system safety d a t a are t o be submitted i n the
appropriatecontractual document, assuringthese d a t a aresubmitted prior t o
key deci si on poi nts .
B-7

.. i MIL-STD-88ZB m 9999911 0359952 8 2 8 m
MIL-STD-882B
APPENDIX B
30 March 1984
60.3 System Safety Requirements for Technology Development. Considersystem -.L"?

safetyduring development oftechnology. System safety concernsa'shoul d be
documented. Thisdocumentationwillprovidethesystemsafety background data
necessary s h o u l d a decision bemade t o imp1 ement the technology within a
system deve1opment program.
B-8

MIL-STD-BBZB m 99797ll 0359953 7bLI m
MIL-STD-882B
APPENDIX C
20 March1983
APPENDIX .C
DATAREQUIREMENTS FOR MIL-STD-882B
70. DATA
REQUIREMENTS
FOR MIL-STDL882B.
70.1 D a t ai t e md e s c r i p t i o n s and theparagraphs of MIL-STD-882B where t h e i r

requirementsare 1o c a t e da r e as f o l 1 ows: .
Location Paragraph D I D No.
DI-H-7047A
Paragraph
101 3.1.14
Task and
Task 202 D I -H-7048A
Task 203 DI-H-7048A
Task 204 DI-H-7048A
Task 205 DI-H-7048A
Task 206 D I -H-7048A
Task 212 D I -H-7048A
Task 213 DI-H-7048A
Task 210
Task 211
* V.S. GOVERNMENT PRIhTING OFFICE: 1984-705-040/A-2063
c- 1
"
2561
6-13
- 7
2562
G-14

Mil STD 882b

Uploaded by

Copyright:

Available Formats

Mil STD 882b

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Mil STD 882b

Uploaded by

Copyright:

Available Formats

What is the purpose of a system safety program?

What is the purpose of a system safety program?

What are some system safety tasks during the construction phase?

What are some system safety tasks during the construction phase?

S-OS-.

SYSTEMSAFETY PROGRAM REQUIREMENTS

AMSC Number F3329 FSCSAFT

. T H I S DOCUMENT CONTAINS y' PAGES.

Licensed by Information Handling Services

System Safety Program Requirement s

1. T h i sM i l i t a r yS t a n d a r d i s approved f o r useby a l l Departmentsand

3. MIL-STD-882B i s exemptfrom OMB a p p r o v a al c t i o n . It i s consideredtech-

Licensed by Information Handling Services

The principalobjective of asystem safety program w i t h i n the Department of

... ........................ 103-1

Licensed by Information Handling Services

MIL-STD-882B W 9 9 9 9 9 3 3 0359863 7 2 2 W""".

1.3.2.3 Method o f Reference. When s p e c i f y i n gt h et a s k so ft h i ss t a n d a r d as \ *

2. REFERENCED DOCUMENTS. Referenceddocumentsarenotincluded in this

3. DEFINITIONS AND ABBREVIATIONS.

3.1 Definitions. The f o l l o w i n gd e f i n i t i o n sa p p l y :

3.1.2Damage. The p a r t i a l o r t o t a l 1oss o f hardwarecaused.bycomponent

3.1.3 Hazard. A c o n d i t i o nt h a ti sp r e r e q u i s i t et o a mishap.

3.1.4 HazardousEvent. An o c c u r r e n c et h a ct r e a t e s a hazard.

3.1.5 HazardousEventProbability. The l i k e l i h o o d e, x p r e s s e d in

3.1.7 HazardSeverity. An assessment o ft h ew o r s tc r e d i b l em i s h a pt h a t

3.1.8 Managing A c t i v i t y . The, o r g a n i z a t i o n a le l e m e n to f DoD assigned

3.1.9 Mishap. An u n p l a n n e de v e n to rs e r i e so fe v e n t st h a tr e s u l t s i n death,

materiel requirement w i t h no expenditure of f u n d s for deve1 opnent ,

3.1.22 System Safety Program P l a n . A description of the planned methods t o

4. SYSTEM SAFETY REQUIREMENTS.

4.1 System Safety Program. The contractorshallestablish and m a i n t a i n a

c e. Actionstaken to eliminate hazardsorreduce

t o improve safetyare minimized t h r o u g h

4.4 System SafetyPrecedence. The o r d e ro f precedence f o rs a t i s f y i n g system

d. Deve1op Procedures and T r a i n i n g . Where i t i si m p r a c t i c a lt oe l i m i n a t e

error; environmental conditions;designinadequacies;proceduraldeficiencies;

Des cri p t i on Category Mishap Defi n i t i on

MARGINAL II I Minor injury, minor occupational

Descri p t i on*Level Speci f i c I n d i v i dual I tem F1 eetor Inventory**

L PROBABLE B Will occurseveral

5. TASK DESCRIPTIONS. The t a s kd e s c r i p t i o n sa r ed i v i d e di n t o two general

Custodi ans : Preparing Activity

Licensed by Information Handling Services

THIS PAGE INTENTIONALLYLEFT BLANK

SYSTEM SAFETY PROGRAM

desi gnated tasks i n Sections 100 and 200.

THIS PAGE INTENTIONALLYLEFT BLANK

Licensed by Information Handling Services B-6

Licensed by Information Handling Services

qualifications of key system safety personnelassigned , including those who

b. The depth w i t h i n the system to which eachtechnique i s used including

c. Procedure for ensuring thesafe conduct of a l lt e s t s .

INTEGRATION/MANAGEMENT OF ASSOCIATE CONTRACTORS, SUBCONTRACTORS, AND

a.Prepare an integrated system safety program pl an (ISSPP) asthe SSPP

c- each associatecontractor w i t h format andmethod t o be utilized.

b. Initiateaction through the MA t o make sure each associatecontractor

Licensed by Information Handling Services